
preciseshoes.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1096776

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| | |
|---|---|
| Affected Website: | **[preciseshoes.com](<http://preciseshoes.com>)** |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **geeknik** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Vulnerable URL: | (provided only as an image in the original listing) |

**Screenshot:** ![preciseshoes.com vulnerability](/twimages/screen-1096776.jpg)

**Mirror:** [Click here to view the mirror](<http://1096776.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| | |
|---|---|
| Vulnerability Reported: | 19 February, 2020 19:15 GMT |
| Vulnerability Verified: | 19 February, 2020 19:29 GMT |
| Website Operator Notified: | 19 February, 2020 19:29 GMT |
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |
| Public Report Published [without any technical details]: | 19 February, 2020 19:29 GMT |