Open Bug Bounty ID: OBB-1104545
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: element1.ir
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: geeknik
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Screenshot: ![element1.ir vulnerability](/twimages/screen-1104545.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 26 February, 2020 15:03 GMT
Vulnerability Verified: 26 February, 2020 15:19 GMT
Website Operator Notified: 26 February, 2020 15:19 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 26 February, 2020 15:19 GMT