ID OBB:274811
Type openbugbounty
Reporter Random_Robbie
Modified 2018-02-11T09:15:00
Description
Open Bug Bounty ID: OBB-274811
Description| Value
---|---
Affected Website:| gammon.com.au
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
https://www.gammon.com.au/forum/bbshowpost.php/
Coordinated Disclosure Timeline
Description| Value
---|---
Vulnerability Reported:| 4 August, 2017 09:20 GMT
Vulnerability Verified:| 4 August, 2017 14:28 GMT
Website Operator Notified:| 4 August, 2017 14:28 GMT
Vulnerability Published:| 4 August, 2017 14:28 GMT [without any technical details]
Vulnerability Fixed:| 11 February, 2018 09:15 GMT
Public Disclosure:| 11 February, 2018 09:15 GMT