real-couchtuner.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1083264

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[real-couchtuner.com](<https://real-couchtuner.com>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **geeknik**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**

**Screenshot:** ![real-couchtuner.com vulnerability](/twimages/screen-1083264.jpg)

**Mirror:** [Click here to view the mirror](<http://1083264.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 3 February, 2020 14:37 GMT
---|---
Vulnerability Verified:| 3 February, 2020 14:45 GMT
Website Operator Notified:| 3 February, 2020 14:45 GMT

a. Using the ISO 29147 guidelines| Done
---|---
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done

Public Report Published [without any technical details]: 3 February, 2020 14:45 GMT