Open Bug Bounty ID: OBB-1126842
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: inhousewebsolutions.ca
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: g0bl1nsec
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Screenshot: ![inhousewebsolutions.ca vulnerability](/twimages/screen-1126842.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 28 March, 2020 20:14 GMT
Vulnerability Verified: 28 March, 2020 20:29 GMT
Website Operator Notified: 28 March, 2020 20:29 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 28 March, 2020 20:29 GMT