fullfact.org XSS vulnerability | Open Bug Bounty | Website Vulnerabilities

OpenBugBounty.org > Open Bug Bounty > fullfact.org

Open Bug Bounty ID

OBB-259895

fullfact.org Security Vulnerability

On the 05.07.2017 security researcher hackdemonium Helped patch 150 vulnerabilities
Received 6 Coordinated Disclosure badges
Received 8 recommendations disclosed XSS vulnerability affecting fullfact.org website.

On our side, we have notified website owner via all reasonable communication channels about the vulnerability, so it can be patched as quickly as possible.

Currently the vulnerability is patched and does not represent any security risk for the website or its visitors.

Vulnerability Details

fullfact.org Description

Full Fact. Full Fact is the UK's independent factchecking organisation.

Vulnerable URL:

https://fullfact.org/search/?q=a'aa"onfocus=prompt(/OPENBUGBOUNTY/) autofocus=x bad=--></title></script><img src=x onerror=prompt(/OPENBUGBOUNTY/)>

Other details:

Patched:	Yes, at 05.07.2017
Latest check for patch:	05.07.2017 11:24 GMT
Vulnerability type:	XSS
Vulnerability status:	Publicly disclosed
Alexa Rank	73906
VIP website status:	Yes
Check fullfact.org for malware:	Click here
Check fullfact.org SSL connection:	Click here (Grade: A+) Refresh Results

Mirror: Click here to view the mirror

Coordinated Disclosure Timeline

Vulnerability submitted via Open Bug Bounty	5 July, 2017 10:17 GMT
Generic security notifications sent to website owner	5 July, 2017 10:19 GMT
Customized security notification sent to website owner	5 July, 2017 10:19 GMT
Notification sent to subscribers (without technical details)	5 July, 2017 14:17 GMT
Vulnerability patched by the website owner	6 July, 2017 05:46 GMT
Vulnerability details disclosed by researcher	6 July, 2017 12:25 GMT

User Comments:

Please login via twitter to be the first one to comment.

Latest Vulnerabilities on *.fullfact.org

OBB-ID	Reported by	Status	Reported on
OBB-259895	hackdemonium Helped patch 150 vulnerabilities Received 6 Coordinated Disclosure badges Received 8 recommendations	patched	05.07.2017

Latest Vulnerabilities Reported by hackdemonium

OBB-ID	Vulnerability	Status	Reported
OBB-278323	XSS in builtlean.com	On Hold	11.08.2017
OBB-278322	XSS in dfir.training	On Hold	11.08.2017
OBB-267158	XSS in gigaset.com	On Hold	23.07.2017
OBB-267157	XSS in xizhi.com	On Hold	23.07.2017
OBB-267156	XSS in farmaspeed.it	On Hold	23.07.2017
OBB-267154	XSS in meilleurvendeur.com	On Hold	23.07.2017
OBB-267153	XSS in linkshe.com	On Hold	23.07.2017
OBB-267151	XSS in profit.bg	On Hold	23.07.2017
OBB-267149	XSS in fajn-brigady.cz	On Hold	23.07.2017
OBB-267148	XSS in mountainbike-magazin.de	On Hold	23.07.2017
OBB-267147	XSS in listupp.it	On Hold	23.07.2017
OBB-267146	XSS in megaeletronicos.com	On Hold	23.07.2017
OBB-267145	XSS in jagranjunction.com	On Hold	23.07.2017
OBB-267144	XSS in dream-seed.com	On Hold	23.07.2017
OBB-267142	XSS in sexloading.com	On Hold	23.07.2017
OBB-267141	XSS in praisecharts.com	On Hold	23.07.2017
OBB-267140	XSS in ichannela.com	On Hold	23.07.2017
OBB-267139	XSS in auladeanatomia.com	On Hold	23.07.2017
OBB-267138	XSS in promocode2017.com	On Hold	23.07.2017
OBB-267134	XSS in sirisara.lk	On Hold	23.07.2017