iyfipgun.com XSS vulnerability

2017-09-02T22:16:00
ID OBB:286820
Type openbugbounty
Reporter OmniGooch
Modified 2017-10-11T09:42:00

Description

Vulnerable URL:
http://www.iyfipgun.com/LASIK_Laser_Eye_Surgery.cfm?domain=wavefrontlabs.com&fp;=%2BwlNyAzORsMWTGeV7tiP5iqMEXqywy92JRs0Nc1vC%2Bj%2F2moBz5a7U7mH0pjeUVPQqmQg4KL1eDM1Ahfla7Y5czosaYYrGqVVsHmrhC3mrCbDRc8hbTihAlRStm5YuFzl03vULAA6Ddl3ItkHxxEkTpsYYztfJaiTmN1QF7Q2lWF5VQohhUdCB2Sv0xZ3aSV5NaiZODXyXAB%2FbHh%2Fg4e0pw%3D%3D&maxads;=0&kld;=1003&prvtof;=51l%2FvpiJ4uANr0XbdSO110McejNkRpSXZWNLmmeGOmk4eja37Q3ZxUjpXrDBG9Qp3PWWHSHTu6AsTMcrI5N21sRvb56gcmwhn26JI73iEq1EVivugB2ywC%2FHyEITU4iOkFl2m24lbHhVqKCPkdmwGg%3D%3D&&&kt;=217&&kbc;=wavefront&ki;=17113164&ktd;=0&kld;=1003&kp;=1&bd;=-7%23900%231440%231%230%23686%23226
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 287590
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 2 September, 2017 22:16 GMT
Generic security notifications sent to website owner| 2 September, 2017 22:19 GMT
Notification sent to subscribers (without technical details)| 3 September, 2017 02:17 GMT
Vulnerability details disclosed by researcher| 10 October, 2017 19:24 GMT
Vulnerability patched by the website owner| 11 October, 2017 09:42 GMT