Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: seongbuk.name
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: YassDennis
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Coordinated Disclosure Timeline
Vulnerability Reported: 24 July, 2020 15:57 GMT
Vulnerability Verified: 24 July, 2020 16:13 GMT
Website Operator Notified: 24 July, 2020 16:13 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 24 July, 2020 16:13 GMT
Vulnerability Fixed: 1 September, 2020 13:35 GMT