
hiroatupunaupf.e-monsite.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1049675

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;

b. notified the website operator about its existence.

Affected Website:| **[hiroatupunaupf.e-monsite.com](<http://hiroatupunaupf.e-monsite.com>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **g0bl1nsec**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**

**Screenshot:** ![hiroatupunaupf.e-monsite.com vulnerability](/twimages/screen-1049675.jpg)

**Mirror:** [Click here to view the mirror](<http://1049675.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 25 December, 2019 14:29 GMT
---|---
Vulnerability Verified:| 25 December, 2019 14:38 GMT
Website Operator Notified:| 25 December, 2019 14:38 GMT
a. Using the ISO 29147 guidelines| ![](/images/done.png)
b. Using publicly available security contacts| ![](/images/done.png)
c. Using Open Bug Bounty notification framework| ![](/images/done.png)
d. Using security contacts provided by the researcher| ![](/images/done.png)
Public Report Published [without any technical details]:| 25 December, 2019 14:38 GMT
Vulnerability Fixed:| 1 February, 2020 14:42 GMT