nexttry.com XSS vulnerability

2015-08-30T17:58:00
ID OBB:83427
Type openbugbounty
Reporter Outlasted
Modified 2017-07-25T16:45:00

Description

Vulnerable URL:
http://www.nexttry.com/VideoDB//trace.php?videodburl=http%3A%2F%2Fwww.lego.com%2Fen-us%2Fcity%2Fgames%2Fgreat-vehicles-0bcf332d38de4be190c827cb28106899%3Ficmp%3DCOUSGamesGLCityGreatVehicles&iframe;=2?cmp=%22%27/%3E%3E%3Cimg%20src=x%20onerror=alert%28/XSSPOSED/%29%3E
Details:

Description| Value
---|---
Patched:| Yes, at 25.07.2017
Latest check for patch:| 25.07.2017 16:45 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 17299626
Google Pagerank| 0
VIP website status:| No
Check nexttry.com SSL connection:| (Grade: C)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 30 August, 2015 17:58 GMT
Vulnerability existence verified and confirmed| 30 August, 2015 18:00 GMT
Vulnerability patched by the website owner| 25 July, 2017 16:45 GMT