
dan.inspihitek.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1049221

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[dan.inspihitek.com](<http://dan.inspihitek.com>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **H_chabik**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**
Vulnerable URL:| [image]

**Screenshot:** ![dan.inspihitek.com vulnerability](/twimages/screen-1049221.jpg)

**Mirror:** [Click here to view the mirror](<http://1049221.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 24 December, 2019 20:24 GMT
---|---
Vulnerability Verified:| 24 December, 2019 20:35 GMT
Website Operator Notified:| 24 December, 2019 20:35 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 24 December, 2019 20:35 GMT