paperpk.com – XSS Vulnerability [Cyber Alert]

na.gov.pk – XSS Vulnerability [Cyber Alert]
April 12, 2017
How Wonga data breach could affect nearly 250,000 customers’ bank details
April 17, 2017

paperpk.com – XSS Vulnerability [Cyber Alert]

Website : paperpk.com

Description : Jobs in Pakistan Newspaper ads & classified careers – PaperPk.com. Paperpk jobs in Pakistan from all newspaper ads on paperpk.com with careers classified ads . Now you can post jobs as employer and apply for jobs online from paper.pk

Vulnerable URL:

http://paperpk.com/job-title-list.php?title=HR<img src=x onerror=prompt(/XSS Alert)>

Other details:

Patched: No
Latest check for patch: 27.03.2017

Vulnerability type: XSS

Vulnerability status: Publicly disclosed
Alexa Rank 6364

Notification & Disclosure Timeline

20 March, 2017 at 22:04 GMT Vulnerability reported via Open Bug Bounty
20 March, 2017 at 22:07 GMT Notification sent to emails provided by researcher
20 March, 2017 at 22:07 GMT Notification sent to generic security emails
21 March, 2017 at 02:17 GMT Notification sent to subscribers (without technical details)
27 March, 2017 at 22:14 GMT Vulnerability details publicly disclosed

Leave a Reply