sshowads.pubmatic.com XSS vulnerability

2018-03-12T12:06:00
ID OBB:578831
Type openbugbounty
Reporter newp_th
Modified 2018-04-11T18:27:00

Description

Open Bug Bounty ID: OBB-578831

Description| Value
---|---
Affected Website:| sshowads.pubmatic.com
Open Bug Bounty Program:| Not created yet
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on ISO 29147 guidelines
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
https://sshowads.pubmatic.com/AdServer/AdServerServlet?pubId=156016&siteId=271284&adId=1322860&kadwidth=728&kadheight=90&SAVersion=2&js=1&kdntuid=1&pageURL=https%3A%2F%2Fadserver.adtechus.com%2Fadiframe%2F3.0%2F5512.1%2F4775115%2F0%2F225%2FADTECH%3Btarget%3D_blank%3Bkey%3Dkey1%2Bkey2%2Bkey3%2Bkey4%3Bgrp%3D%5Bgroup%5D%3Bmisc%3D%27%2Bnew%2520Date().getTime()%2B%27%3Brdclick%3D%3Bmisc%3D8266966008852363510%3Brdclick%3Dhttps%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3DL%26ai%3DC1OFwvmKmWt3LIYOTkwPVzY_QDpbw_rxN6uTGo4kBwI23ARABIABg5crlg7QOggEXY2EtcHViLTEwMDQxOTk0MDIwNzQzMDjIAQmoAwGqBIwBT9AhrBFCsUe6D7Qf0tXD_Zg2hOZ6IsQeShzKIywC3ZeswxTCqHT282XdDKlAqLo_N7MnNIT4VLaxKDaT_TP1FFUA9e23kgWshJ_UXrKRV-F7zXdC90wtZ-0pqVcUaHqaDVTAtazsk2K7ENqs14bSIek0MIwUclH_2&inIframe=1&kadpageurl=www.awtimes.com&operId=1&sec=1&kltstamp=2018-3-12%2016%3A51%3A54&timezone=5.5-->">&screenResolution=1366x768&ranreq=0.2283603222146724&pmUniAdId=0&adVisibility=0&adPosition=-1x-1

Coordinated Disclosure Timeline

Description| Value
---|---
Vulnerability Reported:| 12 March, 2018 12:06 GMT
Vulnerability Verified:| 12 March, 2018 12:15 GMT
Website Operator Notified:| 12 March, 2018 12:15 GMT
Vulnerability Published:| 12 March, 2018 12:15 GMT [without any technical details]
Vulnerability Fixed:| 11 April, 2018 18:27 GMT
Public Disclosure:| 11 April, 2018 18:27 GMT