Lucene search

K
openbugbountyRiceNinja248OBB:484086
HistoryJan 03, 2018 - 11:28 p.m.

corefit.co.kr XSS vulnerability

2018-01-0323:28:00
RiceNinja248
www.openbugbounty.org
10
Open Bug Bounty ID: OBB-484086
Description Value
Affected Website: corefit.co.kr
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
http://www.corefit.co.kr/shop/goods/goods_search.php?searched=Y&log;=1&skey;=all&hid;_pr_text=&hid;_link_url=&edit;=&sword;=%EC%8A%A4%ED%83%80%ED%82%B9%22%20autofocus%20onfocus=confirm(/OPENBUGBOUNTY/)%3E&x;=0&y;=0
Coordinated Disclosure Timeline
Description Value
Vulnerability Reported: 3 January, 2018 23:28 GMT
Vulnerability Verified: 3 January, 2018 23:32 GMT
Website Operator Notified: 3 January, 2018 23:32 GMT
Vulnerability Published: 3 January, 2018 23:32 GMT[without any technical details]
Vulnerability Fixed: 13 February, 2018 01:42 GMT
Public Disclosure: 13 February, 2018 01:42 GMT