
mdph33.fr Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1073435

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Affected Website: | **[mdph33.fr](<http://www.mdph33.fr>)** |
|---|---|
| Open Bug Bounty Program: | **Create your bounty program now**. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **SkyEmie** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Vulnerable URL: | (provided as an image) |
| HTTP POST data: | (provided as an image) |

**Screenshot:** ![mdph33.fr vulnerability](/twimages/screen-1073435.jpg)

**Mirror:** [Click here to view the mirror](<http://1073435.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Vulnerability Reported: | 23 January, 2020 13:48 GMT |
|---|---|
| Vulnerability Verified: | 23 January, 2020 13:57 GMT |
| Website Operator Notified: | 23 January, 2020 13:57 GMT |

| a. Using the ISO 29147 guidelines | done |
|---|---|
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |

Public Report Published [without any technical details]: 23 January, 2020 13:57 GMT