Open Bug Bounty ID: OBB-1166752
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: a101.com.tr
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: ELProfesor
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Screenshot: ![a101.com.tr vulnerability](/twimages/screen-1166752.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 20 May, 2020 12:19 GMT
Vulnerability Verified: 20 May, 2020 12:32 GMT
Website Operator Notified: 20 May, 2020 12:32 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 20 May, 2020 12:32 GMT