Open Bug Bounty ID: OBB-1023605
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: pdkamnik.si
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: Dipu1A
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL: [image]
HTTP POST data: [image]
Screenshot: ![pdkamnik.si vulnerability](/twimages/screen-1023605.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 26 November, 2019 03:29 GMT
Vulnerability Verified: 26 November, 2019 03:37 GMT
Website Operator Notified: 26 November, 2019 03:37 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 26 November, 2019 03:37 GMT