Open Bug Bounty ID: OBB-1035843
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: savygamer.co.uk
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: geeknik
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Coordinated Disclosure Timeline
Vulnerability Reported: 10 December, 2019 14:05 GMT
Vulnerability Verified: 10 December, 2019 14:19 GMT
Website Operator Notified: 10 December, 2019 14:19 GMT
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher
Public Report Published [without any technical details]: 10 December, 2019 14:19 GMT