Open Bug Bounty ID: OBB-1160688
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
|---|---|
| Affected Website | bebakids.ru |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | g0bl1nsec |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL: [rendered only as an image on the original page; a mirror of the affected page is linked from the report]
Coordinated Disclosure Timeline

| Event | Date |
|---|---|
| Vulnerability Reported | 14 May, 2020 09:40 GMT |
| Vulnerability Verified | 14 May, 2020 16:29 GMT |
| Website Operator Notified | 14 May, 2020 16:29 GMT |
| Public Report Published (without any technical details) | 14 May, 2020 16:29 GMT |

Notification channels used for the website operator (each marked as done):
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher