NS International Train Tickets v7.31.4 Reflected XSS Vulnerability

Title: NS International Train Tickets v7.31.4 Reflected XSS Vulnerability
Advisory ID: ZSL-2017-5441
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 24.12.2017
Summary
NS International Train Tickets is a web application that is used by NS International (Dutch railways) to manage (search, book, plan, buy) train tickets for international travels from the Netherlands.
Description
NS International Train Tickets confirmation page 'bookingConfirm' is vulnerable to a Reflected XSS. The input provided to the 'dnr' query string parameter is reflected to the validationMismatch.html page. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Vendor
NS International BV - https://www.nsinternational.nl
Affected Version
7.31.4
Tested On
Opera 49.0.2725.39
Google Chrome 60.0.3112.90
Firefox Quantum 57.0.1
Vendor Status
[15.10.2017] Vulnerability discovered.
[16.10.2017] Vendor communicated via Twitter.
[17.10.2017] Vendor replied back. Details about the vulnerability sent.
[15.11.2017] Vulnerability fixed by the vendor.
[24.12.2017] Public security advisory released.
PoC
nsint_poc.txt
Credits
Vulnerability discovered by Stefan Petrushevski - <stefan@zeroscience.mk>
References
N/A
Changelog
[24.12.2017] - Initial release
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk