Open Bug Bounty ID: OBB-1181441
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: school328.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: geeknik
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Coordinated Disclosure Timeline
Vulnerability Reported: 2 June, 2020 12:56 GMT
Vulnerability Verified: 2 June, 2020 13:09 GMT
Website Operator Notified: 2 June, 2020 13:09 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 2 June, 2020 13:09 GMT
Vulnerability Fixed: 24 June, 2020 15:45 GMT