Open Bug Bounty ID: OBB-1045055
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: fassen.net
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: g0bl1nsec
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Coordinated Disclosure Timeline
Vulnerability Reported: 20 December, 2019 11:03 GMT
Vulnerability Verified: 20 December, 2019 11:12 GMT
Website Operator Notified: 20 December, 2019 11:12 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 20 December, 2019 11:12 GMT
Vulnerability Fixed: 13 January, 2020 16:39 GMT