physicianreports.cardiooptions.com XSS vulnerability

2017-10-08T16:52:00
ID OBB:328547
Type openbugbounty
Reporter mcurietribute
Modified 2018-01-06T17:25:00

Description

Vulnerable URL:
https://physicianreports.cardiooptions.com/pass/pass_check.php?studyid=&username.op;=eq&username;=![](x)&password.op;=eq&password;=boi&Enter;=Enter Name
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 06.01.2018
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 8 October, 2017 16:52 GMT
Generic security notifications sent to website owner| 8 October, 2017 16:53 GMT
Notification sent to subscribers (without technical details)| 8 October, 2017 18:17 GMT
Vulnerability details disclosed by researcher| 6 January, 2018 17:25 GMT