Lucene search

K
openbugbountyRiceNinja248OBB:478344
HistoryJan 02, 2018 - 2:58 a.m.

store.pyeongchang2018.com XSS vulnerability

2018-01-0202:58:00
RiceNinja248
www.openbugbounty.org
14
Open Bug Bounty ID: OBB-478344
Description Value
Affected Website: store.pyeongchang2018.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
http://store.pyeongchang2018.com/m/search.html?search_viewtype=&s;=%22%3E%3Cimg%20src=%22%22%20onerror=alert(/OPENBUGBOUNTY/)%3E
Coordinated Disclosure Timeline
Description Value
Vulnerability Reported: 2 January, 2018 02:58 GMT
Vulnerability Verified: 2 January, 2018 03:01 GMT
Website Operator Notified: 2 January, 2018 03:01 GMT
Vulnerability Published: 2 January, 2018 03:01 GMT[without any technical details]
Public Disclosure: 2 April, 2018 02:58 GMT