Open Bug Bounty ID: OBB-1126533
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: clanandersonsociety.org
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: g0bl1nsec
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL: (shown only as an image on the original page; not reproduced here)
Screenshot: (image on the original page; not reproduced here)
Coordinated Disclosure Timeline
Vulnerability Reported: 28 March, 2020 19:32 GMT
Vulnerability Verified: 28 March, 2020 19:40 GMT
Website Operator Notified: 28 March, 2020 19:40 GMT
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher
Public Report Published [without any technical details]: 28 March, 2020 19:40 GMT