Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
| --- | --- |
| Affected Website | margueritescafe.com |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | Dipu1A |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL:
Coordinated Disclosure Timeline
| Event | Date |
| --- | --- |
| Vulnerability Reported | 30 June, 2020 11:01 GMT |
| Vulnerability Verified | 30 June, 2020 11:17 GMT |
| Website Operator Notified | 30 June, 2020 11:17 GMT |
| Public Report Published (without any technical details) | 30 June, 2020 11:17 GMT |
| Vulnerability Fixed | 25 July, 2020 13:45 GMT |

Website operator notification channels (each marked as done on the original page):
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher