reflora.jbrj.gov.br XSS vulnerability

2017-07-12T06:07:00
ID OBB:263216
Type openbugbounty
Reporter Random_Robbie
Modified 2017-08-23T06:15:00

Description

Vulnerable URL:
http://reflora.jbrj.gov.br/reflora/listaBrasil/ConsultaPublicaUC/BemVindoConsultaPublicaConsultar.do?invalidatePageControlCounter=1&idsFilhosAlgas;=[2]&idsFilhosFungos;=[1,11,10]&lingua;=&grupo;=5&genero;=Stemodia"'--!>&autor;=&nomeVernaculo;=&nomeCompleto;=&formaVida;=null&substrato;=null&ocorreBrasil;=QUALQUER&ocorrencia;=OCORRE&endemismo;=TODOS&origem;=TODOS&regiao;=QUALQUER&estado;=QUALQUER&ilhaOceanica;=32767&domFitogeograficos;=QUALQUER&bacia;=QUALQUER&vegetacao;=TODOS&mostrarAte;=SUBESP_VAR&opcoesBusca;=TODOS_OS_NOMES&loginUsuario;=Visitante&senhaUsuario;=&contexto;=consulta-publica

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 23.08.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No
Check reflora.jbrj.gov.br SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 12 July, 2017 06:07 GMT
Generic security notifications sent to website owner| 12 July, 2017 06:09 GMT
Vulnerability details disclosed by researcher| 23 August, 2017 06:15 GMT