citsci.org XSS vulnerability

2015-07-16T02:32:00
ID OBB:73068
Type openbugbounty
Reporter crashdemons
Modified 2015-07-16T02:34:00

Description

Vulnerable URL:
http://www.citsci.org/cwis438/Webservices/GetProjectList.php?WebSiteID=7&UserID;=0&sEcho;=14&iColumns;=8&sColumns;=%2C%2C%2C%2C%2C%2C%2C&iDisplayStart;=0&iDisplayLength;=10&mDataProp;_0=0&sSearch;_0=&bRegex;_0=false&bSearchable;_0=true&bSortable;_0=true&mDataProp;_1=1&sSearch;_1=&bRegex;_1=false&bSearchable;_1=true&bSortable;_1=true&mDataProp;_2=2&sSearch;_2=&bRegex;_2=false&bSearchable;_2=true&bSortable;_2=true&mDataProp;_3=3&sSearch;_3=&bRegex;_3=false&bSearchable;_3=true&bSortable;_3=true&mDataProp;_4=4&sSearch;_4=&bRegex;_4=false&bSearchable;_4=true&bSortable;_4=true&mDataProp;_5=5&sSearch;_5=&bRegex;_5=false&bSearchable;_5=true&bSortable;_5=true&mDataProp;_6=6&sSearch;_6=&bRegex;_6=false&bSearchable;_6=true&bSortable;_6=true&mDataProp;_7=7&sSearch;_7=&bRegex;_7=false&bSearchable;_7=true&bSortable;_7=false&sSearch;=%27%3Cscript%3Ealert(%2FXSSPOSED%2F)%3C%2Fscript%3E&bRegex;=false&iSortCol;_0=5&sSortDir;_0=desc&iSortingCols;=1&_=1437013422243
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 25.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 8225612
Google Pagerank| 5
VIP website status:| No
Check citsci.org SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 16 July, 2015 02:32 GMT
Vulnerability existence verified and confirmed| 16 July, 2015 02:34 GMT