startupeuropesummit.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1006490

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[startupeuropesummit.com](<https://www.startupeuropesummit.com>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **devl00p**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**

**Screenshot:** ![startupeuropesummit.com vulnerability](/twimages/screen-1006490.jpg)

**Mirror:** [Click here to view the mirror](<http://1006490.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 31 October, 2019 12:46 GMT
---|---
Vulnerability Verified:| 31 October, 2019 13:01 GMT
Website Operator Notified:| 31 October, 2019 13:01 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 31 October, 2019 13:01 GMT