mississauga.ca XSS vulnerability

2017-07-23T20:09:00
ID OBB:267211
Type openbugbounty
Reporter Random_Robbie
Modified 2017-08-23T11:16:00

Description

Vulnerable URL:
http://www.mississauga.ca/portal/print;jsessionid=97A5D8C44023FF9BEC070BE0C722DDAF.node1-3?paf_gear_id=6500016&paf;_dm=shared&id;=45895&coaId;=13588&addressId;=106068"--!>"&rollNumber;=2105040154004500000&pin;=null&propDetailsTab;=yes&fireMap;=yes&action;=details&_DARGS=/gear/property/html/property/includes/top_nav.jsp_A:_D:/com/bell/ecity/portlet/maps/MapsUtilFormHandler.createUrl&_DAV=submit&_dynSessConf=3304628678790992009&mapUUID;=0&mapPin;=4589500
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 23.08.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 72462
VIP website status:| No
Check mississauga.ca SSL connection:| (Grade: A-)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 23 July, 2017 20:09 GMT
Generic security notifications sent to website owner| 24 July, 2017 11:05 GMT
Vulnerability details disclosed by researcher| 23 August, 2017 11:16 GMT