
paint-inspector.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1077683

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](https://www.iso.org/standard/45170.html)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Affected Website: | **[paint-inspector.com](https://www.paint-inspector.com)** |
|---|---|
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS))** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](https://www.iso.org/standard/45170.html)** guidelines |
| Discovered and Reported by: | **sardhara_badal** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md)** |
| Vulnerable URL: | |

**Screenshot:** ![paint-inspector.com vulnerability](/twimages/screen-1077683.jpg)

**Mirror:** [Click here to view the mirror](http://1077683.openbounty.org/mirror/)

### Coordinated Disclosure Timeline

| Vulnerability Reported: | 28 January, 2020 21:53 GMT |
|---|---|
| Vulnerability Verified: | 28 January, 2020 22:04 GMT |
| Website Operator Notified: | 28 January, 2020 22:04 GMT |

Website operator notification channels used:

| a. Using the ISO 29147 guidelines | done |
|---|---|
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |

Public Report Published [without any technical details]: 28 January, 2020 22:04 GMT