obrnadzor.gov.ru XSS vulnerability

2015-02-03T18:24:00
ID OBB:54326
Type openbugbounty
Reporter guest
Modified 2015-05-04T18:24:00

Description

Open Bug Bounty ID: OBB-54326

Description| Value
---|---
Affected Website:| obrnadzor.gov.ru
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
http://www.obrnadzor.gov.ru/ru/docs/documents/index.php?docnum_4=">![](x)&doctype_4=50&from_date_4=&to_date_4=&docsubj_4=&keywords_4=%D0%9F%D0%BB%D0%B0%D0%BD+%D0%BF%D1%80%D0%BE%D0%B2%D0%B5%D0%B4%D0%B5%D0%BD%D0%B8%D1%8F+%D0%A4%D0%B5%D0%B4%D0%B5%D1%80%D0%B0%D0%BB%D1%8C%D0%BD%D0%BE%D0%B9+%D1%81%D0%BB%D1%83%D0%B6%D0%B1%D0%BE%D0%B9+%D0%BF%D0%BE+%D0%BD%D0%B0%D0%B4%D0%B7%D0%BE%D1%80%D1%83+%D0%B2+%D1%81%D1%84%D0%B5%D1%80%D0%B5+%D0%BE%D0%B1%D1%80%D0%B0%D0%B7%D0%BE%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F+%D0%B8+%D0%BD%D0%B0%D1%83%D0%BA%D0%B8+%D0%BF%D0%BB%D0%B0%D0%BD%D0%BE%D0%B2%D1%8B%D1%85+%D0%BF%D1%80%D0%BE%D0%B2%D0%B5%D1%80%D0%BE%D0%BA&search_4=1

Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 3 February, 2015 18:24 GMT
Vulnerability Verified:| 3 February, 2015 18:26 GMT
Website Operator Notified:| 3 February, 2015 18:26 GMT
Vulnerability Published:| 3 February, 2015 18:26 GMT [without any technical details]
Public Disclosure:| 4 May, 2015 18:24 GMT