
kralen.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1086695

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;

b. notified the website operator about its existence.

Affected Website:| **[kralen.com](<https://www.kralen.com>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **securaji**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**
Vulnerable URL:| [image]
HTTP POST data:| [image]
Research's Comment:| [image]

**Screenshot:** ![kralen.com vulnerability](/twimages/screen-1086695.jpg)

**Mirror:** [Click here to view the mirror](<http://1086695.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 7 February, 2020 12:14 GMT
---|---
Vulnerability Verified:| 7 February, 2020 12:27 GMT
Website Operator Notified:| 7 February, 2020 12:27 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 7 February, 2020 12:27 GMT
Additional notification email sent:| 10 February, 2020 21:57 GMT