assetform.itbusinessedge.com XSS vulnerability

2015-09-21T17:42:00
ID OBB:88189
Type openbugbounty
Reporter WhitePacket
Modified 2016-01-30T22:53:00

Description

Vulnerable URL:
http://assetform.itbusinessedge.com/acl/accountController.jsp?css=itbusinessedge/itbusinessedgeArticleRegistrationForm.css&sdn;=ITBusinessEdge&w;=http://www.itbusinessedge.com&u;=/index.php/accountManagement?formType=loginForm&isIframed;=yes&rand;=5569&newuserregistration;=y&formType;=loginForm&CCID;=20250540204387906&QTR;=ZZf201306031133220Za20250540Zg27Zw1Zm16Zc204387906Zs15939ZZ&CLK;=184150921104200174&WT.qs;_dlk=VgBAfgrIZ7kAAD6gHhkAAAAm&&exp;=y
Details:

Description| Value
---|---
Patched:| Yes, at 30.01.2016
Latest check for patch:| 30.01.2016 22:53 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 32648
Google Pagerank| 0
VIP website status:| Yes
Check assetform.itbusinessedge.com SSL connection:| (Grade: C+)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 21 September, 2015 17:42 GMT
Vulnerability existence verified and confirmed| 21 September, 2015 17:44 GMT
Vulnerability patched by the website owner| 30 January, 2016 22:53 GMT