Open Bug Bounty ID: OBB-1027468
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: szvszinvonal.hu
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: g0bl1nsec
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
HTTP POST data:
Screenshot: ![szvszinvonal.hu vulnerability](/twimages/screen-1027468.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 30 November, 2019 22:21 GMT
Vulnerability Verified: 30 November, 2019 22:32 GMT
Website Operator Notified: 30 November, 2019 22:32 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 30 November, 2019 22:32 GMT