Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: skip.justpickone.org
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: Tanzil
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Coordinated Disclosure Timeline
Vulnerability Reported: 1 July, 2020 04:36 GMT
Vulnerability Verified: 1 July, 2020 04:46 GMT
Website Operator Notified: 1 July, 2020 04:46 GMT
      a. Using the ISO 29147 guidelines (done)
      b. Using publicly available security contacts (done)
      c. Using Open Bug Bounty notification framework (done)
      d. Using security contacts provided by the researcher (done)
Public Report Published [without any technical details]: 1 July, 2020 04:46 GMT
Vulnerability Fixed: 30 July, 2020 17:45 GMT