Report Email Alerts Open Bug Bounty: 111312 coordinated disclosures
Full Disclosure: 32415 vulnerabilities
Total Vulnerabilities Fixed: 37694
119322 vulnerable websites, 12879 VIP websites
2908 security researchers, 3925 notification subscribers

postoffice.co.uk Security Vulnerability

On the 06.01.2017 security researcher bananascript Twitter: @bananascript
Approved XSS vulnerabilities: 73
Approved XSS vulnerabilities on VIP websites: 18
disclosed XSS vulnerability affecting postoffice.co.uk website.

On the 09.01.2017 security researcher bananascript discovered and reported XSS vulnerability affecting postoffice.co.uk

On our side, we have notified website owner via all reasonable communication channels about the vulnerability, so it can be patched as quickly as possible.

You can check if the vulnerability is patched by clicking on the verification link below. If you have any contacts with the website administrator or a person in charge of its security - please send him, or her, this link as soon as possible.

Vulnerability Details

Open Bug Bounty ID:

OBB-203786

postoffice.co.uk Description

Post Office® - Helping You Get Life’s Important Things Done. Find great deals on travel insurance, travel money, car insurance, savings accounts, financial services and more here at PostOffice.co.uk.

Vulnerable URL:

http://www.postoffice.co.uk/search-results?query=]'};window['ale'+'rt' ]('OPENBUGBOUNTY');x={'a':'

Other details:

Patched:No
Check for patch: Verify now



Latest check for patch:19.04.2017
Vulnerability type:XSS
Vulnerability status:Publicly disclosed
Alexa Rank19127
VIP website status:Yes
Check postoffice.co.uk for malware:Click here
Check postoffice.co.uk SSL connection:Click here (Grade: A) Refresh Results

Mirror: Click here to view the mirror


Notification & Disclosure Timeline

6 January, 2017 at 19:59 GMTVulnerability reported via Open Bug Bounty
9 January, 2017 at 06:07 GMTNotification sent to generic security emails
9 January, 2017 at 06:07 GMTVulnerability verified and confirmed
9 January, 2017 at 10:17 GMTNotification sent to subscribers (without technical details)
6 February, 2017 at 06:14 GMTVulnerability details publicly disclosed

Comments:

Please login via twitter to be the first one to comment.


Latest Vulnerabilities on *.postoffice.co.uk

Vulnerability Reported by Type Status Reported on
Open Bug Bounty
unpatched
06.01.2017
Open Bug Bounty
unpatched
07.06.2016
Open Bug Bounty
patched
22.01.2016
Open Bug Bounty
patched
22.01.2016
Open Bug Bounty
patched
19.09.2015
Open Bug Bounty
patched
19.09.2015
Open Bug Bounty
patched
19.09.2015

Latest Vulnerabilities Reported by bananascript

Domain Type Status Reported
Open Bug Bounty
unpatched
12.01.2017
Open Bug Bounty
unpatched
10.01.2017
Open Bug Bounty
unpatched
10.01.2017
Open Bug Bounty
unpatched
10.01.2017
Open Bug Bounty
unpatched
10.01.2017
Open Bug Bounty
unpatched
09.01.2017
Open Bug Bounty
unpatched
08.01.2017
Open Bug Bounty
unpatched
08.01.2017
Open Bug Bounty
unpatched
08.01.2017
Open Bug Bounty
unpatched
07.01.2017
Open Bug Bounty
unpatched
07.01.2017
Open Bug Bounty
unpatched
06.01.2017
Open Bug Bounty
unpatched
06.01.2017
Open Bug Bounty
unpatched
06.01.2017
Open Bug Bounty
unpatched
06.01.2017
Open Bug Bounty
unpatched
06.01.2017
Open Bug Bounty
unpatched
06.01.2017
Open Bug Bounty
unpatched
06.01.2017
Open Bug Bounty
unpatched
06.01.2017
Open Bug Bounty
unpatched
06.01.2017

Latest VIP Submissions

spelle.nl
Reported by HuyKha Twitter: @HuyKha_10
Approved XSS vulnerabilities: 573
Approved XSS vulnerabilities on VIP websites: 13
on 23.04.2017
vdict.com
Reported by OmniGooch Recommendations received: 3
Approved XSS vulnerabilities: 2807
Approved XSS vulnerabilities on VIP websites: 164
on 22.04.2017
gnc.com
Reported by MirSultan Twitter: @b_mirsultan
Approved XSS vulnerabilities: 429
Approved XSS vulnerabilities on VIP websites: 24
on 22.04.2017
luxottica.com
Reported by MirSultan Twitter: @b_mirsultan
Approved XSS vulnerabilities: 429
Approved XSS vulnerabilities on VIP websites: 24
on 22.04.2017
hhh.com.tw
Reported by porthunter Twitter: @porthunter
Recommendations received: 2
Approved XSS vulnerabilities: 396
Approved XSS vulnerabilities on VIP websites: 208
on 22.04.2017
patrioty.org.ua
Reported by porthunter Twitter: @porthunter
Recommendations received: 2
Approved XSS vulnerabilities: 396
Approved XSS vulnerabilities on VIP websites: 208
on 22.04.2017
freesexyindians.com
Reported by porthunter Twitter: @porthunter
Recommendations received: 2
Approved XSS vulnerabilities: 396
Approved XSS vulnerabilities on VIP websites: 208
on 22.04.2017
2ch-2.net
Reported by porthunter Twitter: @porthunter
Recommendations received: 2
Approved XSS vulnerabilities: 396
Approved XSS vulnerabilities on VIP websites: 208
on 22.04.2017
depedtambayanph.blogspot.com
Reported by porthunter Twitter: @porthunter
Recommendations received: 2
Approved XSS vulnerabilities: 396
Approved XSS vulnerabilities on VIP websites: 208
on 22.04.2017
shafa.ua
Reported by porthunter Twitter: @porthunter
Recommendations received: 2
Approved XSS vulnerabilities: 396
Approved XSS vulnerabilities on VIP websites: 208
on 22.04.2017

Latest Submissions

mybabysittersclub.com
Reported by Muhd_Uwais_ Twitter: @Muhd_Uwais_
Approved XSS vulnerabilities: 26
Approved XSS vulnerabilities on VIP websites: 5
on 23.04.2017
teensloveanal.com
Reported by Muhd_Uwais_ Twitter: @Muhd_Uwais_
Approved XSS vulnerabilities: 26
Approved XSS vulnerabilities on VIP websites: 5
on 23.04.2017
innocenthigh.com
Reported by Muhd_Uwais_ Twitter: @Muhd_Uwais_
Approved XSS vulnerabilities: 26
Approved XSS vulnerabilities on VIP websites: 5
on 23.04.2017
teenpies.com
Reported by Muhd_Uwais_ Twitter: @Muhd_Uwais_
Approved XSS vulnerabilities: 26
Approved XSS vulnerabilities on VIP websites: 5
on 23.04.2017
einbid.de
Reported by secuninja Recommendations received: 4
Approved XSS vulnerabilities: 479
Approved XSS vulnerabilities on VIP websites: 21
on 23.04.2017
adino.at
Reported by badmaxx Twitter: @_badmaxx_
Recommendations received: 1
Approved XSS vulnerabilities: 787
Approved XSS vulnerabilities on VIP websites: 33
on 23.04.2017
top-colo.de
Reported by badmaxx Twitter: @_badmaxx_
Recommendations received: 1
Approved XSS vulnerabilities: 787
Approved XSS vulnerabilities on VIP websites: 33
on 23.04.2017
shop.pewatron.com
Reported by secuninja Recommendations received: 4
Approved XSS vulnerabilities: 479
Approved XSS vulnerabilities on VIP websites: 21
on 23.04.2017
shop.linmot.com
Reported by secuninja Recommendations received: 4
Approved XSS vulnerabilities: 479
Approved XSS vulnerabilities on VIP websites: 21
on 23.04.2017
pitstraat.com
Reported by Aeolus Twitter: @Aeolus_OBB
Approved XSS vulnerabilities: 21
on 23.04.2017