Open Bug Bounty ID: OBB-1059724
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.
| Field | Value |
|---|---|
| Affected Website | sthopeleadershipacademy.org |
| Open Bug Bounty Program | Create your bounty program now. It's open and free. |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | Fadavvi |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL: (rendered as an image on the original page; the URL itself is not reproduced here)
Screenshot: ![sthopeleadershipacademy.org vulnerability](/twimages/screen-1059724.jpg)
Coordinated Disclosure Timeline

| Step | Time / Status |
|---|---|
| Vulnerability Reported | 3 January, 2020 20:08 GMT |
| Vulnerability Verified | 3 January, 2020 20:23 GMT |
| Website Operator Notified | 3 January, 2020 20:23 GMT |
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |
| Public Report Published (without any technical details) | 3 January, 2020 20:23 GMT |