lerobert.com Cross Site Scripting vulnerability

2019-11-20T02:01:00

Description

Open Bug Bounty ID: OBB-1019985 Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence. Affected Website:| **[lerobert.com](<https://www.lerobert.com>) ** ---|--- Open Bug Bounty Program:| **Create your bounty program now**. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines Discovered and Reported by:| **yassinehmimou2 ** Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** Export Vulnerability Data:| Bugzilla Vulnerability Data JIRA Vulnerability Data [ Configuration ] Mantis Vulnerability Data Splunk Vulnerability Data XML Vulnerability Data [ XSD ] Vulnerable URL: ![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAA3CAIAAABVZQ1/AAAACXBIWXMAAA7EAAAOxAGVKw4bAAARM0lEQVR4nO2df0xb1RfA31hhHTx+rpRSirSojCzLJIYgMUzRkWVBQrqJnSHVMSWMLAQJYYr8gYgLmwwWnAtZDCZIjC7GEELMgqZBQ0g1DGqHBAERWSUFsbAyO8ZY4X3/eNnL8737bm8Lhcr3fP7qve/ec889576e9rbv3F0Mw1AAAAAA4AeCtlsBAAAAYMcCMQYAAADwFxBjAAAAAH8BMQYAAADwFxBjAAAAAH8BMQYAAADwF4EbY3Q63a1bt6SKwNYAZgcAYCMEaIz55Zdf1tfXn3rqKWQR2BrA7AAAbBAPMeb27dvh4eHIS0tLSxcuXJAqbpDu7u78/Hyp4haAmfi2iNpc8xKyKWbfREtuXPKdO3dOnz4dGxubkJDwzjvvPHz4kNqAbX3u6D+bAECg4fv3GKfT2dDQIFXcINseYwKNzTUvITvP7EVFRaurq1artbe312w219bWUhuwrc8dk5KSHA6HDx0B4D9HIO6Vzc7OTkxMZGdnI4vA1rDzzH7//n2LxfLJJ58kJCTs37//8uXLX3/99XYps2fPnu0aGgC2EqIY89FHH+l0un379r322mtLS0sURS0tLWm1WpfLtWvXrs8++4xfvHz5cnh4+KVLl+Li4qKjo0+dOnX//n1Wzs2bNw8fPhweHp6QkPDyyy//+uuvyOG6u7uPHj0aHBwsKB4/fvzSpUts5a1bt/bs2cMqQ1HUmTNnzp07h2/w5JNP4rtjLPDgwYM333wzPDw8KSnpvffeW1tbox7teFy4cCE2NjY+Pv7TTz+lKOrevXtnzpyJjY1NTEx8//332ZYURX344YdigxCKFVhboNva2tq7774bFxcXFhb2yiuvLCwsSKnBSm5ubtbpdGFhYSdPnlxYWDh37lxsbOy+fftOnz597949sReQ00RqLqUMcgl5ZVUpsV5J3rt3759//hkWFsa2mZycVKvVAtsiO/7xxx9hYWE///wzRVELCwvR0dHff/893ilIvv32W/YFt1dG7pHZ2dmXXnopPDxcp9M1NzdHR0eL5YvvL2+NKQA5cZKZAgCH5xjjcrmsVqvZbB4YGLDb7dXV1RRFRUZGjo2N0TS9srJiNBr5xePHj7tcroGBgcHBwcHBQYvF0tjYyIrKy8srKiqy2Wz9/f1ZWVlyuRw5otRGWV5enslkYiu/+eab9fX1np4etmgymXJzc/EN9Ho9vjvGCPX19cvLy8PDwz09PX19fdeuXeOMMzY2NjIy0t7enpWVRVFUeXm53W63WCw9PT3d3d2tra1ss8FH8A1CKFZgbYFujY2NJpPJZDJNTEyo1erR0VEpNThv9vf3W61Wu92emprqcDiGh4d/+umn6enpmpoapBfE05TSHKkMcgl5ZVWkWB8kc4yPj1dVVTU1NQlsi+yo0+lqamoqKiooiqqtrc3NzX3hhRfETokVwQ138+bNI0eOFBUViZcWoUfKyspCQkImJydNJlNHRwdqkaLvL3JjivVHThw5NABIwmCZnp6mKOru3bts0Ww2Jycnc5domua3ZItsF5vNxtZ3dnamp6czDLO4uCiTyVZWVsSj2Gw2rVbLvna5XDRNLy4uiot2uz00NJSVkJGRUVlZWVhYyI4YERGxurqKb2Cz2fDdBRPnz06hULhcLva11WrNyMjgZsqpyjCM2+2maXpqaootdnd3Z2ZmShmEXKxYHz5KpdJisfBrkGpwkp1OJ1vf398fFBS0vLzMFs1m8xNPPCE2O1IfpOZIZTBLiHz6YrE+SOaYmZlJTk6+fv06J4ezrVTH1dXV1NTUuro6hUIxNzcn7siKFcAwzMTEhMFgiImJaWho4CQLbhaPHnG73XK5nHNoZ2dnVFSUwBrI+4vcmFL6IycOAOTIPAYhmqa5/8Co1erFxUWPXeRyeWJiIvs6NTXVZrNRFBUdHV1QUJCZmfniiy+q1er09PTnn3+eE2s2m9nX3333XUZGBrcVwC/Gx8enpKSYzeYDBw7Y7fba2tqUlJS1tTWTyZSTkxMcHIxvkJiYiO8uNZ07d+44HA6tVssW19fXZTIZZxz+rsX8/Pzq6qpOp+Pmzt7kSIOQi8WwtLS0uLh46NAhfqWUGqzkyMhI9rVGo4mIiNi7dy/nBe6HaIEXBPpIaY5UhpJYQuTTlxLrg2SWgoKCioqKkydPCqRhOgYHB1+9ejUnJ+fKlStxcXFiTSiKSkhIEFceOHAgLy9vamqKM7t4Ch49Mj8/v76+zneoWI7U/UVuTKT+JBMHAAyeY8wm8uWXXw4NDY2MjNjt9srKymefffbjjz+mKGr37t3x8fFsG/w/ynJzc00m09TUVF5eXmRkZFpaWl9fH3+nC9/AY3ckKysrQUFBg4OD3DtOUNAm/FdiE8Xu3r174/rwwf+jDK85oTLeTp98jnjJs7Ozw8PDP/74o7cd5+bmgoKC5ubmpMblb46x/P333/X19U1NTWfPnq2vr3/88ccJp+Ab4vurqqoK2RJpTKT+FMHEAQAH/muOeEOM+5JOuFfW1dXFbQ3xsVqtGo1GUOl2uxUKBbcnICgyDGM2mzMyMvLz82/cuMEwTGtra3l5uUqlstvtJA08dpeaOE3TyL0awf4VyV4Z3yCEYqUqWZRKpdVq9aiGWAjfm/yiwOzIoZGaI5XBDEo+fbFYHySzuN1u/ooSyJHq6HQ6VSrV9evXY2JiRkdHkQog95oYhnE4HBUVFTRNl5aWCjqSe0Qul09PT7P1yL0yAez9RW5MKf2REwcAcnyPMS6XSyaTTUxMCIrsW2pBQcHMzMzIyEhaWlpdXR3DMKOjo8eOHevt7XU4HDabrbi4OC8vj5PM7iP39fUdPHiQqxQUWZRKpVKpZNvPzMxERESkpaWRN8Bf5baz7969K5PJxsbG3G43wzClpaWZmZnsJ8TGxsb6+nqxcViKi4vz8/NtNtvIyMjTTz995coVKYN4JVZgbf62e0NDQ0ZGxvDw8MzMTFlZWV9fH1INvDf5RYHZkfogNUcqgxmUfPrIOXormUPwowXftlIdz549azAYGIY5f/58dnY20il4pqenjUajwKSEHmEYpqCgQK/XT09Pj4yMHDp0SBxjkPcXuTGlQE4cAMjxPcYwDFNXVxcaGtre3s4vNjc30zR98eJFpVIZFRX1+uuvs79hrq6u1tXVpaSkhISEKJVKo9Eo/u20qqqqpqaGky8oshQWFhYUFHDF9PR0QRt8A8xVwWSrq6u52a2srFRUVGg0mtDQ0NzcXPaDsFQwKCkpUSgUGo2mrq7O7XazzRobGwUG8Uos39qCBm63++2331YoFHK5XK/XOxwOpBpiyVLvaAKzI/VBao5UBjMo+fSRc/RWMnLWAtsiOw4ODtI0zX4TXVlZ0Wq1HR0dgo5if2HwIcbMzc3l5eXRNK3Vai9evCieAvL+IjcmEszEAYCQXQzDbO7m2+3btw8ePPjPP//40Hf//v0dHR3PPPMMsghsDWD2AGd8fPy5557766+/tlsRAPDMlv7m75Hx8XFMEdgawOwBjtVqTU5O3m4tAICIwIoxAAAg+eCDD9RqdX5+/tTUVE1NDZtpDQACn0DMVwYAgIDs7OzW1laNRmM0GsvLy0+dOrXdGgEAEZsfY5KSknz7MWYj8BNA8Z84C5Ak6iRqbGWieIGV/s/xbZFg/MW/tFkr8PDhw0NDQw8ePPjtt9/eeuutjQtEInUfAYDP7PDvMQGSRJ1EDUgU/98C469tOYgBAAKTHRJjZDJZSkoK/wVHgCRR96saATJH4L8O5j4CAB/x+O9mqQc+mpqatFptVFRUYWEhl9SPYZiVlZU33niDpunHHnustraWa9/Q0KBQKFQqVVtbm7gGORDz6AECQUtyuOcDBgYGMjMz5XK5QqFgH4dkGMZgMJw/f55rnJmZ2d7ejmzJSsjKyqJpWq1Wnzhxgnvm2e12V1dXK5XK0NDQgoIC7okQ8Xw5fcTPyjidTs4jgoct9Hp9Y2Mj+9pqtYaEhHDWLikpqaqq4j8DgXHNzMzM0aNHaZpOSUlpaGjgP0srNrvHQfErBK+JeIUgHU24SLxaIUjnCh4iIVnAGH8JLrF9W1patFptTEyM0Wjk7EA4QXJfTE1NhYaGsnkKHA5HVFRUb28vZulK1Qvo6enBmBQA8Hj+HiOVrH54eJjNqW6z2fg54ZHZ0cUJxgmz4iNbYpKoS2GxWEpKSubm5kZGRjQaTVlZGUVRBoOhq6uLbTA7O2u1WvV6PbIlJX0wgVQ2e4HOHMiDDzDZ+z2eaCCYqZRrysrKIiIiRkdHb9y48cUXX+D969WgGMchNSFP6U9+dILY2shFIuVcPiQLGOMv8SWpAwgIJ0juC6lU/FJLl/CsjaKioiNHjgwNDSGvAoAH8CEIk4CLy6ne39/P5VRnUNnRxQnGCbPiI1sy0omhxCCfc56cnFSpVAzDLC8vszn/GYZpbW3Nz8+Xaok5mEAqm71gvviDD8SqcucdeDzRQPA9BukaNuEVf1wuERbS7B4H5fTEOw65SAhT+nt1dIJghTAEi4RzrsDyJAsY4y/BJcwBBIQTJPcFg0rFL7V0MUtagMvlamhoiImJMRgMhIlzAIDDQ4yx2+0hISFccWJiQqVSYRJgsMnVFY+IiYlRKpXiN3pxDXIgZEuv4LpbLJacnBy1Ws1qxSn86quvsrm8cnJyPv/8c3zLtLS0ysrKpqamH374ga10Op0ymYzd7cHMjh9j5HI5Vz86OqpUKpG93G43l6kzLS2tt7d3bm5Oo9E4nU6lUul2u9va2k6cOMGI3tGQrrHb7YJxuXqk2T0OykHoOE4T5ArBGw0/llcrBOlcvgTCBSxWj+8vEo+QT5Ah9gUL+6WHXdUsyKWLqUeyuLio1+tlMhm+GQAI2ORnMJHZ0VdXVzd3FKkk5Bj0en1xcfG1a9fkcvnMzMyxY8fYeoPBcPXqVaPRODAw0NnZiWkpdTAB5YfU+tS/zzvw7UiCDeKnQf10UIIY5CKRci5ePZIFzPfXpuOVL8Sp+KWWLmZJC/j9999ra2v7+vrq6+v9NEdgx4IPQVK7E5hEfuLs6CQfUQnT0bN4u1c2Pz/P//xltVr5yRNjYmJaWlrYj4SYlnz4BxN4zGbP/Pt7DCWR5x/zeRx/JAHJp2bBXllXVxd+r8zjoBw+nCNAmNKfcJFI2U28SKScK5BAsoClKsWXvPoeI2VM8jMpPKbiR56pgalnGKa0tJSm6crKSkz2TACQwvP/ypDJ6jExRpwdneTtAzmQVEtyuO5KpbK1tdXpdE5MTOj1er7ChYWFERERX331FVtEtsQcTOAxmz0jijHIPP/iRPH8vXLMkQSE72h6vZ4/LlePNLvHQfm6eXuOAGFKf8JF4tUKQTrX4zkOyCHEZ1twfzDjX/IqxkgZkyE40oJFnIpfauniz9rgYzQapx8dXQMA3uL7f5e5BoIYI86OTvj2QZKO3lu47n19fenp6XK5XKVSVVZW8hXu6uqiaZrLt49siTmYwGM2e+bfMYZGHXzAwk8ULxBCeCQBxjX8/y43NTXh/7uMH1QwirfnCBCm9CdcJF6tEKllgD/HQWoIjL+kDmLwGGOk3OHxSAtGIhW/1NLFLGkA2EQ2P7d/QLGRgwb8QaDpA2wW4FkAQLJDnvMHgG2nqKhou1UAgIBjJ8eYhw8fms1mjUaz3YoAOx+VStXS0rLdWgBAwLGTz48pKSnp7u5ua2vbbkWAnQ+kjAMAJDv89xgAAABgG9nJe2UAAADA9gIxBgAAAPAXEGMAAAAAfwExBgAAAPAXEGMAAAAAfwExBgAAAPAXEGMAAAAAfwExBgAAAPAXEGMAAAAAfwExBgAAAPAXEGMAAAAAfwExBgAAAPAXEGMAAAAAfwExBgAAAPAXEGMAAAAAf/E/bP5n1wudAn8AAAAASUVORK5CYII=) --- **Screenshot:** ![lerobert.com vulnerability](/twimages/screen-1019985.jpg) **Mirror:** [Click here to view the mirror](<http://1019985.openbounty.org/mirror/>) ### Coordinated Disclosure Timeline Vulnerability Reported:| 20 November, 2019 02:01 GMT ---|--- Vulnerability Verified:| 20 November, 2019 02:14 GMT Website Operator Notified:| 20 November, 2019 02:14 GMT a. Using the ISO 29147 guidelines| ![](/images/done.png) ---|--- b. Using publicly available security contacts| ![](/images/done.png) c. Using Open Bug Bounty notification framework| ![](/images/done.png) d. Using security contacts provided by the researcher| ![](/images/done.png) Public Report Published [without any technical details]:| 20 November, 2019 02:14 GMT

{"id": "OBB:1019985", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "lerobert.com Cross Site Scripting vulnerability ", "description": " \n\n\nOpen Bug Bounty ID: OBB-1019985\n\nFollowing coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: \n\n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; \n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence.\n\nAffected Website:| **[lerobert.com](<https://www.lerobert.com>) ** \n---|--- \nOpen Bug Bounty Program:| **Create your bounty program now**. It's open and free. \nVulnerable Application:| Custom Code \nVulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\\(XSS\\)>)** / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines \nDiscovered and Reported by:| **yassinehmimou2 ** \nRemediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** \nExport Vulnerability Data:| Bugzilla Vulnerability Data \nJIRA Vulnerability Data [ Configuration ] \nMantis Vulnerability Data \nSplunk Vulnerability Data \nXML Vulnerability Data [ XSD ] \n \nVulnerable URL:\n\n![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAA3CAIAAABVZQ1/AAAACXBIWXMAAA7EAAAOxAGVKw4bAAARM0lEQVR4nO2df0xb1RfA31hhHTx+rpRSirSojCzLJIYgMUzRkWVBQrqJnSHVMSWMLAQJYYr8gYgLmwwWnAtZDCZIjC7GEELMgqZBQ0g1DGqHBAERWSUFsbAyO8ZY4X3/eNnL8737bm8Lhcr3fP7qve/ec889576e9rbv3F0Mw1AAAAAA4AeCtlsBAAAAYMcCMQYAAADwFxBjAAAAAH8BMQYAAADwFxBjAAAAAH8BMQYAAADwF4EbY3Q63a1bt6SKwNYAZgcAYCMEaIz55Zdf1tfXn3rqKWQR2BrA7AAAbBAPMeb27dvh4eHIS0tLSxcuXJAqbpDu7u78/Hyp4haAmfi2iNpc8xKyKWbfREtuXPKdO3dOnz4dGxubkJDwzjvvPHz4kNqAbX3u6D+bAECg4fv3GKfT2dDQIFXcINseYwKNzTUvITvP7EVFRaurq1artbe312w219bWUhuwrc8dk5KSHA6HDx0B4D9HIO6Vzc7OTkxMZGdnI4vA1rDzzH7//n2LxfLJJ58kJCTs37//8uXLX3/99XYps2fPnu0aGgC2EqIY89FHH+l0un379r322mtLS0sURS0tLWm1WpfLtWvXrs8++4xfvHz5cnh4+KVLl+Li4qKjo0+dOnX//n1Wzs2bNw8fPhweHp6QkPDyyy//+uuvyOG6u7uPHj0aHBwsKB4/fvzSpUts5a1bt/bs2cMqQ1HUmTNnzp07h2/w5JNP4rtjLPDgwYM333wzPDw8KSnpvffeW1tbox7teFy4cCE2NjY+Pv7TTz+lKOrevXtnzpyJjY1NTEx8//332ZYURX344YdigxCKFVhboNva2tq7774bFxcXFhb2yiuvLCwsSKnBSm5ubtbpdGFhYSdPnlxYWDh37lxsbOy+fftOnz597949sReQ00RqLqUMcgl5ZVUpsV5J3rt3759//hkWFsa2mZycVKvVAtsiO/7xxx9hYWE///wzRVELCwvR0dHff/893ilIvv32W/YFt1dG7pHZ2dmXXnopPDxcp9M1NzdHR0eL5YvvL2+NKQA5cZKZAgCH5xjjcrmsVqvZbB4YGLDb7dXV1RRFRUZGjo2N0TS9srJiNBr5xePHj7tcroGBgcHBwcHBQYvF0tjYyIrKy8srKiqy2Wz9/f1ZWVlyuRw5otRGWV5enslkYiu/+eab9fX1np4etmgymXJzc/EN9Ho9vjvGCPX19cvLy8PDwz09PX19fdeuXeOMMzY2NjIy0t7enpWVRVFUeXm53W63WCw9PT3d3d2tra1ss8FH8A1CKFZgbYFujY2NJpPJZDJNTEyo1erR0VEpNThv9vf3W61Wu92emprqcDiGh4d/+umn6enpmpoapBfE05TSHKkMcgl5ZVWkWB8kc4yPj1dVVTU1NQlsi+yo0+lqamoqKiooiqqtrc3NzX3hhRfETokVwQ138+bNI0eOFBUViZcWoUfKyspCQkImJydNJlNHRwdqkaLvL3JjivVHThw5NABIwmCZnp6mKOru3bts0Ww2Jycnc5domua3ZItsF5vNxtZ3dnamp6czDLO4uCiTyVZWVsSj2Gw2rVbLvna5XDRNLy4uiot2uz00NJSVkJGRUVlZWVhYyI4YERGxurqKb2Cz2fDdBRPnz06hULhcLva11WrNyMjgZsqpyjCM2+2maXpqaootdnd3Z2ZmShmEXKxYHz5KpdJisfBrkGpwkp1OJ1vf398fFBS0vLzMFs1m8xNPPCE2O1IfpOZIZTBLiHz6YrE+SOaYmZlJTk6+fv06J4ezrVTH1dXV1NTUuro6hUIxNzcn7siKFcAwzMTEhMFgiImJaWho4CQLbhaPHnG73XK5nHNoZ2dnVFSUwBrI+4vcmFL6IycOAOTIPAYhmqa5/8Co1erFxUWPXeRyeWJiIvs6NTXVZrNRFBUdHV1QUJCZmfniiy+q1er09PTnn3+eE2s2m9nX3333XUZGBrcVwC/Gx8enpKSYzeYDBw7Y7fba2tqUlJS1tTWTyZSTkxMcHIxvkJiYiO8uNZ07d+44HA6tVssW19fXZTIZZxz+rsX8/Pzq6qpOp+Pmzt7kSIOQi8WwtLS0uLh46NAhfqWUGqzkyMhI9rVGo4mIiNi7dy/nBe6HaIEXBPpIaY5UhpJYQuTTlxLrg2SWgoKCioqKkydPCqRhOgYHB1+9ejUnJ+fKlStxcXFiTSiKSkhIEFceOHAgLy9vamqKM7t4Ch49Mj8/v76+zneoWI7U/UVuTKT+JBMHAAyeY8wm8uWXXw4NDY2MjNjt9srKymefffbjjz+mKGr37t3x8fFsG/w/ynJzc00m09TUVF5eXmRkZFpaWl9fH3+nC9/AY3ckKysrQUFBg4OD3DtOUNAm/FdiE8Xu3r174/rwwf+jDK85oTLeTp98jnjJs7Ozw8PDP/74o7cd5+bmgoKC5ubmpMblb46x/P333/X19U1NTWfPnq2vr3/88ccJp+Ab4vurqqoK2RJpTKT+FMHEAQAH/muOeEOM+5JOuFfW1dXFbQ3xsVqtGo1GUOl2uxUKBbcnICgyDGM2mzMyMvLz82/cuMEwTGtra3l5uUqlstvtJA08dpeaOE3TyL0awf4VyV4Z3yCEYqUqWZRKpdVq9aiGWAjfm/yiwOzIoZGaI5XBDEo+fbFYHySzuN1u/ooSyJHq6HQ6VSrV9evXY2JiRkdHkQog95oYhnE4HBUVFTRNl5aWCjqSe0Qul09PT7P1yL0yAez9RW5MKf2REwcAcnyPMS6XSyaTTUxMCIrsW2pBQcHMzMzIyEhaWlpdXR3DMKOjo8eOHevt7XU4HDabrbi4OC8vj5PM7iP39fUdPHiQqxQUWZRKpVKpZNvPzMxERESkpaWRN8Bf5baz7969K5PJxsbG3G43wzClpaWZmZnsJ8TGxsb6+nqxcViKi4vz8/NtNtvIyMjTTz995coVKYN4JVZgbf62e0NDQ0ZGxvDw8MzMTFlZWV9fH1INvDf5RYHZkfogNUcqgxmUfPrIOXormUPwowXftlIdz549azAYGIY5f/58dnY20il4pqenjUajwKSEHmEYpqCgQK/XT09Pj4yMHDp0SBxjkPcXuTGlQE4cAMjxPcYwDFNXVxcaGtre3s4vNjc30zR98eJFpVIZFRX1+uuvs79hrq6u1tXVpaSkhISEKJVKo9Eo/u20qqqqpqaGky8oshQWFhYUFHDF9PR0QRt8A8xVwWSrq6u52a2srFRUVGg0mtDQ0NzcXPaDsFQwKCkpUSgUGo2mrq7O7XazzRobGwUG8Uos39qCBm63++2331YoFHK5XK/XOxwOpBpiyVLvaAKzI/VBao5UBjMo+fSRc/RWMnLWAtsiOw4ODtI0zX4TXVlZ0Wq1HR0dgo5if2HwIcbMzc3l5eXRNK3Vai9evCieAvL+IjcmEszEAYCQXQzDbO7m2+3btw8ePPjPP//40Hf//v0dHR3PPPMMsghsDWD2AGd8fPy5557766+/tlsRAPDMlv7m75Hx8XFMEdgawOwBjtVqTU5O3m4tAICIwIoxAAAg+eCDD9RqdX5+/tTUVE1NDZtpDQACn0DMVwYAgIDs7OzW1laNRmM0GsvLy0+dOrXdGgEAEZsfY5KSknz7MWYj8BNA8Z84C5Ak6iRqbGWieIGV/s/xbZFg/MW/tFkr8PDhw0NDQw8ePPjtt9/eeuutjQtEInUfAYDP7PDvMQGSRJ1EDUgU/98C469tOYgBAAKTHRJjZDJZSkoK/wVHgCRR96saATJH4L8O5j4CAB/x+O9mqQc+mpqatFptVFRUYWEhl9SPYZiVlZU33niDpunHHnustraWa9/Q0KBQKFQqVVtbm7gGORDz6AECQUtyuOcDBgYGMjMz5XK5QqFgH4dkGMZgMJw/f55rnJmZ2d7ejmzJSsjKyqJpWq1Wnzhxgnvm2e12V1dXK5XK0NDQgoIC7okQ8Xw5fcTPyjidTs4jgoct9Hp9Y2Mj+9pqtYaEhHDWLikpqaqq4j8DgXHNzMzM0aNHaZpOSUlpaGjgP0srNrvHQfErBK+JeIUgHU24SLxaIUjnCh4iIVnAGH8JLrF9W1patFptTEyM0Wjk7EA4QXJfTE1NhYaGsnkKHA5HVFRUb28vZulK1Qvo6enBmBQA8Hj+HiOVrH54eJjNqW6z2fg54ZHZ0cUJxgmz4iNbYpKoS2GxWEpKSubm5kZGRjQaTVlZGUVRBoOhq6uLbTA7O2u1WvV6PbIlJX0wgVQ2e4HOHMiDDzDZ+z2eaCCYqZRrysrKIiIiRkdHb9y48cUXX+D969WgGMchNSFP6U9+dILY2shFIuVcPiQLGOMv8SWpAwgIJ0juC6lU/FJLl/CsjaKioiNHjgwNDSGvAoAH8CEIk4CLy6ne39/P5VRnUNnRxQnGCbPiI1sy0omhxCCfc56cnFSpVAzDLC8vszn/GYZpbW3Nz8+Xaok5mEAqm71gvviDD8SqcucdeDzRQPA9BukaNuEVf1wuERbS7B4H5fTEOw65SAhT+nt1dIJghTAEi4RzrsDyJAsY4y/BJcwBBIQTJPcFg0rFL7V0MUtagMvlamhoiImJMRgMhIlzAIDDQ4yx2+0hISFccWJiQqVSYRJgsMnVFY+IiYlRKpXiN3pxDXIgZEuv4LpbLJacnBy1Ws1qxSn86quvsrm8cnJyPv/8c3zLtLS0ysrKpqamH374ga10Op0ymYzd7cHMjh9j5HI5Vz86OqpUKpG93G43l6kzLS2tt7d3bm5Oo9E4nU6lUul2u9va2k6cOMGI3tGQrrHb7YJxuXqk2T0OykHoOE4T5ArBGw0/llcrBOlcvgTCBSxWj+8vEo+QT5Ah9gUL+6WHXdUsyKWLqUeyuLio1+tlMhm+GQAI2ORnMJHZ0VdXVzd3FKkk5Bj0en1xcfG1a9fkcvnMzMyxY8fYeoPBcPXqVaPRODAw0NnZiWkpdTAB5YfU+tS/zzvw7UiCDeKnQf10UIIY5CKRci5ePZIFzPfXpuOVL8Sp+KWWLmZJC/j9999ra2v7+vrq6+v9NEdgx4IPQVK7E5hEfuLs6CQfUQnT0bN4u1c2Pz/P//xltVr5yRNjYmJaWlrYj4SYlnz4BxN4zGbP/Pt7DCWR5x/zeRx/JAHJp2bBXllXVxd+r8zjoBw+nCNAmNKfcJFI2U28SKScK5BAsoClKsWXvPoeI2VM8jMpPKbiR56pgalnGKa0tJSm6crKSkz2TACQwvP/ypDJ6jExRpwdneTtAzmQVEtyuO5KpbK1tdXpdE5MTOj1er7ChYWFERERX331FVtEtsQcTOAxmz0jijHIPP/iRPH8vXLMkQSE72h6vZ4/LlePNLvHQfm6eXuOAGFKf8JF4tUKQTrX4zkOyCHEZ1twfzDjX/IqxkgZkyE40oJFnIpfauniz9rgYzQapx8dXQMA3uL7f5e5BoIYI86OTvj2QZKO3lu47n19fenp6XK5XKVSVVZW8hXu6uqiaZrLt49siTmYwGM2e+bfMYZGHXzAwk8ULxBCeCQBxjX8/y43NTXh/7uMH1QwirfnCBCm9CdcJF6tEKllgD/HQWoIjL+kDmLwGGOk3OHxSAtGIhW/1NLFLGkA2EQ2P7d/QLGRgwb8QaDpA2wW4FkAQLJDnvMHgG2nqKhou1UAgIBjJ8eYhw8fms1mjUaz3YoAOx+VStXS0rLdWgBAwLGTz48pKSnp7u5ua2vbbkWAnQ+kjAMAJDv89xgAAABgG9nJe2UAAADA9gIxBgAAAPAXEGMAAAAAfwExBgAAAPAXEGMAAAAAfwExBgAAAPAXEGMAAAAAfwExBgAAAPAXEGMAAAAAfwExBgAAAPAXEGMAAAAAfwExBgAAAPAXEGMAAAAAfwExBgAAAPAXEGMAAAAAf/E/bP5n1wudAn8AAAAASUVORK5CYII=) \n--- \n \n**Screenshot:** ![lerobert.com vulnerability](/twimages/screen-1019985.jpg)\n\n**Mirror:** [Click here to view the mirror](<http://1019985.openbounty.org/mirror/>)\n\n### Coordinated Disclosure Timeline\n\nVulnerability Reported:| 20 November, 2019 02:01 GMT \n---|--- \nVulnerability Verified:| 20 November, 2019 02:14 GMT \nWebsite Operator Notified:| 20 November, 2019 02:14 GMT \na. Using the ISO 29147 guidelines| ![](/images/done.png) \n---|--- \nb. Using publicly available security contacts| ![](/images/done.png) \nc. Using Open Bug Bounty notification framework| ![](/images/done.png) \nd. Using security contacts provided by the researcher| ![](/images/done.png) \nPublic Report Published \n[without any technical details]:| 20 November, 2019 02:14 GMT\n", "published": "2019-11-20T02:01:00", "modified": "2020-02-18T02:01:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/1019985/", "reporter": "yassinehmimou2", "references": [], "cvelist": [], "lastseen": "2020-08-25T22:28:31", "viewCount": 4, "enchantments": {"dependencies": {}, "score": {"value": 0.7, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.7}, "openbugbounty": {"patchStatus": "unpatched", "mirror": "http://1019985.openbounty.org/mirror/"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645694852, "score": 1684004500, "epss": 1679002791}, "_internal": {"score_hash": "f548b34a03f4dbed85246cd882eb3d6e"}}