dspace.ipen.gob.pe XSS vulnerability

2017-10-28T17:53:00
ID OBB:375850
Type openbugbounty
Reporter Y4r4G_
Modified 2018-01-26T17:53:00

Description

Open Bug Bounty ID: OBB-375850

Description| Value
---|---
Affected Website:| dspace.ipen.gob.pe
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
http://dspace.ipen.gob.pe/simple-search?query=&sort;_by=scoreℴ=desc&rpp;=10&filter;_field_1=author&filter;_type_1=equals&filter;_value_1=Olivera,+Paula&etal;=0&filtername;=author&filterquery;=Greenwich,+Raúl&filtertype;=equals"'--!>