Open Bug Bounty ID: OBB-1083173
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: onlaynaptek.az
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: geeknik
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Screenshot: ![onlaynaptek.az vulnerability](/twimages/screen-1083173.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 3 February, 2020 13:32 GMT
Vulnerability Verified: 3 February, 2020 13:44 GMT
Website Operator Notified: 3 February, 2020 13:44 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 3 February, 2020 13:44 GMT