Open Bug Bounty ID: OBB-1083406
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: trungmy.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: geeknik
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL: (shown only as an image on the original page; not reproduced here)
Coordinated Disclosure Timeline
Vulnerability Reported: 3 February, 2020 16:41 GMT
Vulnerability Verified: 4 February, 2020 08:18 GMT
Website Operator Notified: 4 February, 2020 08:18 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 4 February, 2020 08:18 GMT