s.pubmine.com XSS vulnerability

2018-02-22T11:02:00
ID OBB:565674
Type openbugbounty
Reporter newp_th
Modified 2018-03-31T15:42:00

Description

Open Bug Bounty ID: OBB-565674

Description| Value
---|---
Affected Website:| s.pubmine.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on ISO 29147 guidelines
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
https://s.pubmine.com/adj/114160/300/250/?pos=btf&hb;=%7B%7D&imp;_delay=9530&pp;=%7B%22pt%22%3A1%2C%22ht%22%3A0%2C%22tn%22%3A%22hexa%22%2C%22amp%22%3Afalse%2C%22siteid%22%3A2694%7D&pvid;=13b15dae-37e4-483b-84ff-82de6883225f&tuuid;=5befe8a5-8d7a-4fd5-b464-1d8979b42c1e⩝=6957269605385&v;=1.30.0&callbackPubmine;=
Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 22 February, 2018 11:02 GMT
Vulnerability Verified:| 22 February, 2018 11:11 GMT
Website Operator Notified:| 22 February, 2018 11:11 GMT
Vulnerability Published:| 22 February, 2018 11:11 GMT[without any technical details]
Vulnerability Fixed:| 31 March, 2018 15:42 GMT
Public Disclosure:| 31 March, 2018 15:42 GMT