russhair.com XSS vulnerability

2017-09-08T12:57:00
ID OBB:291190
Type openbugbounty
Reporter M0r3h4x
Modified 2017-12-07T13:38:00

Description

Vulnerable URL:
https://russhair.com/catalog/view/theme/_ajax_view-product.php?product_href=https://russhair.com/index.php?route=product/product&path=34_41_106&product_id=167&view_details=Подробнее&image_main=xss">&image_popup=https://russhair.com/image/cache/catalog/Brashes/Sibel_11row-888x1080.jpg&product_name=Щетка%20дерево%20Classic%2011&product_price=600&product_rating=0&array_images=s:199:"a:1:%7Bi:0;a:2:%7Bs:5:"small";s:72:"https://russhair.com/image/cache/catalog/Brashes/Sibel_11row-593x722.jpg";s:3:"big";s:73:"https://russhair.com/image/cache/catalog/Brashes/Sibel_11row-888x1080.jpg";%7D%7D";&product_description_short=Щетка%20для%20наращенных%20волос%20Classic.%20Материал%20-%20натуральная%20щетина,%20нейлоновые%20вставки%20на%20пневматической%20подушке.%20Ручка%20из%20дерева%20с%20прорезиненным%20 покрытием. Щетка%20с%2011%20рядами%20натуральной%20щетины. Сделано%20в%20Бельгии.

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 07.12.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 10024516
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 8 September, 2017 12:57 GMT
Generic security notifications sent to website owner| 8 September, 2017 13:00 GMT
Notification sent to subscribers (without technical details)| 8 September, 2017 14:17 GMT
Vulnerability details disclosed by researcher| 7 December, 2017 13:38 GMT