
uk.brandsaver.net Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1073476

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| | |
|---|---|
| Affected Website: | **[uk.brandsaver.net](<http://uk.brandsaver.net>)** |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **geeknik** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Vulnerable URL: | (shown only as an image on the original page; not reproduced) |

**Screenshot:** ![uk.brandsaver.net vulnerability](/twimages/screen-1073476.jpg)

**Mirror:** [Click here to view the mirror](<http://1073476.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| | |
|---|---|
| Vulnerability Reported: | 23 January, 2020 13:59 GMT |
| Vulnerability Verified: | 23 January, 2020 14:12 GMT |
| Website Operator Notified: | 23 January, 2020 14:12 GMT |
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |
| Public Report Published [without any technical details]: | 23 January, 2020 14:12 GMT |