Security Researcher UR13L (helped patch 2 vulnerabilities, received 0 Coordinated Disclosure badges) found a security vulnerability affecting the ursensollen.de website and its users.
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: ursensollen.de
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: UR13L (helped patch 2 vulnerabilities, received 0 Coordinated Disclosure badges)
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
HTTP POST data:
Researcher’s Comment:
Coordinated Disclosure Timeline
Vulnerability Reported: 4 February, 2020 08:27 GMT
Vulnerability Verified: 4 February, 2020 08:40 GMT
Website Operator Notified: 4 February, 2020 08:40 GMT
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher
Public Report Published [without any technical details]: 4 February, 2020 08:40 GMT
Public Disclosure: 4 May, 2020 08:27 GMT
A security researcher can delete the report before public disclosure, afterwards the report cannot be deleted or modified anymore. The researcher can also postpone public disclosure date as long as reasonably required to remediate the vulnerability.