
amediateka.megacom.kg Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1028385

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website: | **[amediateka.megacom.kg](<https://amediateka.megacom.kg>)** |
| Open Bug Bounty Program: | **Create your bounty program now**. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **devl00p** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Export Vulnerability Data: | Bugzilla Vulnerability Data; JIRA Vulnerability Data [ Configuration ]; Mantis Vulnerability Data; Splunk Vulnerability Data; XML Vulnerability Data [ XSD ] |
| Vulnerable URL: | (rendered only as an image on the original page; not reproduced here) |

**Mirror:** [Click here to view the mirror](<http://1028385.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Event | Date |
|---|---|
| Vulnerability Reported: | 2 December, 2019 08:59 GMT |
| Vulnerability Verified: | 3 December, 2019 07:06 GMT |
| Website Operator Notified: | 3 December, 2019 07:06 GMT |

Notification channels used:

| Channel | Status |
|---|---|
| a. Using the ISO 29147 guidelines | Done |
| b. Using publicly available security contacts | Done |
| c. Using Open Bug Bounty notification framework | Done |
| d. Using security contacts provided by the researcher | Done |

| Event | Date |
|---|---|
| Public Report Published [without any technical details]: | 3 December, 2019 07:06 GMT |