searchinquire.com XSS vulnerability

2017-09-11T04:03:00
ID OBB:292945
Type openbugbounty
Reporter OmniGooch
Modified 2017-11-28T10:48:00

Description

Vulnerable URL:
http://www.searchinquire.com/Alarm_Systems_Solutions.cfm?domain=keruistore.com&fp;=8TN%2FtiWJGLrH6eejS9gnLFCZqMmk63oPcMWx0L7GWQRjMUJoq4YHX2Kn7ez8Vnh6CWHbh9mmhGanFCzZYTjMxaX8qwlTDFz0vYse%2Fpfuqt6QKJC0j3eMGJOZItXPFJPiwvwFts3yeNhBUaOmZu4YJO3Afuzhy9m7SbEkCFu2o9LsM5FlTOOmxzlXNeEiIzIwmKzGhpPDqAYOTTb14IizFA%3D%3D&yep;=u4bOjymZr%2BxCFIjsxxrtg8U22MpIphsJFB4exiL5KWpOq%2B2UbIOVmnmc%2F7kzuCKf3BxF2nZvP3ZKrY4P7sch4CQAgsRITektPPkrXvfhUYjkQ7Pad6%2BjLcLExa98qqFNd0EHwHMF8DSroTkSqh%2BS7gFwu%2BnzaC0foYko0SWB5mg3BjZgZ4tZrXKBT%2B1OMSJBTBAiJX3FE8mPDGVNw5bai1LPoBLilJrCMgVmEDCVTiwLBZoAOoC6cNci5yCi4m7AjxcrBNtarz%2BpDXvpYemdf3lziaj8%2Fr5TsFrdVpUNlPJmGuG9chNtBS22cTxiEJibfVOlTdtomjvCXBntchQ2VpoxwZsbNKw4hRDpYG7g4%2F5lTZHsplZIudx6AO1K1wRonbKPvLH%2BeXd9epnD49OAaDapGy6y0CbX00qriYpPBW046XHXZXTKgSkLhedtr8CTHw5I4UpkK1AzPd7psBDKqTyckdCPdvmB2f3rO7%2F%2Bsq7icXUcssoALto9LRxM5ffcMsq7zfjqkaHyCsA2HiUfJus9uzglJ%2FKp8axI3x2Qesk9gYWhRSXi9HA3SXvhKkWBKD5OscQ6IFC9SJAmnyc9zTf%2F%2Bbb6fRj2RSbgxZJ%2FM1bao8g5JEy1dX255gB5le2a&gtnp;=0&gtpp;=0&maxads;=0&kld;=1061&prvtof;=8LNcbMEp6wsDYvFHmghf9aL641FS9oalxeQodO69dy4K%2FzDumH8zwWSwNSIwPHzSwNa5PunqHL5VRj2zKRZ%2Bi0SVJQRrXAYjMKSh4msgyh59e8dejkeyo4ZgaH%2Bhr2Xt&&gtnp;=0&gtpp;=0&kt;=271&&kbc;=33432&ki;=1324519&ktd;=256&kld;=1061&kp;=4&bd;=-7%23900%231440%231%230%23692%23322
Details:

Description| Value
---|---
Patched:| Yes, at 28.11.2017
Latest check for patch:| 28.11.2017 10:48 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| 27088
VIP website status:| Yes

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 11 September, 2017 04:03 GMT
Generic security notifications sent to website owner| 11 September, 2017 04:05 GMT
Notification sent to subscribers (without technical details)| 11 September, 2017 06:17 GMT
Vulnerability details disclosed by researcher| 12 October, 2017 18:38 GMT
Vulnerability patched by the website owner| 28 November, 2017 10:48 GMT