trabajo.pr.gov XSS vulnerability

2017-10-17T15:25:00
ID OBB:341036
Type openbugbounty
Reporter c0rtePentest
Modified 2018-04-17T06:08:00

Description

Open Bug Bounty ID: OBB-341036

Description| Value
---|---
Affected Website:| trabajo.pr.gov
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
http://www.trabajo.pr.gov/doc/pdfs/PROSHA/CD%20OSHA%20Junio-2-2015/INDUSTRIA%20EN%20GENERAL/2_An%C3%A1lisis%20de%20Riesgos%20por%20Tareas/bookContent.swf?currentHTMLURL=data:text/html;base64,PHNjcmlwdD5hbGVydCgnT1BFTiBCVUdCT1VOVFknKTwvc2NyaXB0Pg==

Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 17 October, 2017 15:25 GMT
Vulnerability Verified:| 18 October, 2017 06:01 GMT
Website Operator Notified:| 18 October, 2017 06:01 GMT
Vulnerability Published [without any technical details]:| 18 October, 2017 06:01 GMT
Vulnerability Fixed:| 17 April, 2018 06:08 GMT
Public Disclosure:| 17 April, 2018 06:08 GMT