Lucene search

K
openbugbountySecuninjaOBB:264879
HistoryJul 16, 2017 - 9:46 a.m.

taag.com XSS vulnerability

2017-07-1609:46:00
secuninja
www.openbugbounty.org
7
Vulnerable URL:
http://www.taag.com/en/Search-results?Search=%22/%3E%27%3E%22%3EI%3Ci%3EI%3Csvg/onload=alert(/openbugbounty/)%3E
Details:
Description Value
Patched: No
Latest check for patch: 27.08.2017
Vulnerability type: XSS
Vulnerability status: Publicly disclosed
Alexa Rank 42071
VIP website status: Yes
Check taag.com SSL connection: (Grade: F)
Coordinated Disclosure Timeline:
Description Value
Vulnerability submitted via Open Bug Bounty 16 July, 2017 09:46 GMT
Generic security notifications sent to website owner 16 July, 2017 09:49 GMT
Notification sent to subscribers (without technical details) 16 July, 2017 10:17 GMT
Vulnerability details disclosed by researcher 27 August, 2017 10:15 GMT