Open Bug Bounty ID: OBB-1158774
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: sunshinelights.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: Dipu1A
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Screenshot: sunshinelights.com vulnerability
Coordinated Disclosure Timeline
Vulnerability Reported: 11 May, 2020 08:17 GMT
Vulnerability Verified: 11 May, 2020 08:22 GMT
Website Operator Notified: 11 May, 2020 08:22 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 11 May, 2020 08:22 GMT
Additional notification email sent: 15 May, 2020 03:57 GMT