Open Bug Bounty ID: OBB-1090868
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: vilniausfutbolas.lt
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: geeknik
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Coordinated Disclosure Timeline
Vulnerability Reported: 13 February, 2020 15:51 GMT
Vulnerability Verified: 13 February, 2020 16:00 GMT
Website Operator Notified: 13 February, 2020 16:00 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 13 February, 2020 16:00 GMT