secure.zwift.com XSS vulnerability

2017-11-01T21:48:00
ID OBB:385432
Type openbugbounty
Reporter badmaxx
Modified 2017-12-02T14:39:00

Description

Vulnerable URL:
https://secure.zwift.com/auth/realms/zwift/login-actions/request/login?code=QOCyySnG4MQUrfsHsjoYI4frKsXIafw9UMe3SLOyDrs.6c79606a-cb1d-4726-9d49-45cdd286c22f&redirect_uri=https%3A%2F%2Fmy.zwift.com%2Findex.jsp
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 1 November, 2017 21:48 GMT
Generic security notifications sent to website owner| 1 November, 2017 21:50 GMT
Notification sent to subscribers (without technical details)| 1 November, 2017 22:17 GMT
Vulnerability details disclosed by researcher| 1 December, 2017 22:19 GMT
Vulnerability patched by the website owner| 2 December, 2017 14:39 GMT