medschool.duke.edu XSS vulnerability

2017-09-27T23:02:00
ID OBB:317068
Type openbugbounty
Reporter fV
Modified 2017-12-27T09:55:00

Description

Vulnerable URL:
https://medschool.duke.edu/search-results?as_q=%27%22%2F%3E%3E%3C%2Fscript%3E%3Cscript%3Ealert(%2FOPENBUGBOUNTY%2F)%3C%2Fscript%3E
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 27.12.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 3730
VIP website status:| Yes

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 27 September, 2017 23:02 GMT
Vulnerability existence verified and confirmed| 28 September, 2017 08:30 GMT
Generic security notifications sent to website owner| 28 September, 2017 08:30 GMT
Vulnerability details disclosed by researcher| 27 December, 2017 09:55 GMT