hyatt.com XSS vulnerability

2015-11-02T06:31:00
ID OBB:99548
Type openbugbounty
Reporter dim0k
Modified 2016-09-01T01:01:00

Description

Vulnerable URL:
http://www.hyatt.com/ws/typeahead-json-latin?citylimit=2&citydimension=501&statelimit=3&statedimension=515&countrylimit=3&countrydimension=508&hotellimit=&hoteldimension=496">&callback=jQuery17209384126469338339_1446414273511&featureClass=P&style=full&maxRows=12&q=2+x&_=1446414354203
Details:

Description| Value
---|---
Patched:| Yes, at 31.08.2016
Latest check for patch:| 31.08.2016 09:48 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 2864
Google Pagerank| 0
VIP website status:| Yes
Check hyatt.com SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability reported| 2 November, 2015 06:31 GMT
Vulnerability existence verified and confirmed| 2 November, 2015 06:33 GMT
Vulnerability patched by the website owner| 1 September, 2016 01:01 GMT