
danacisucuk.com.tr Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1099185

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[danacisucuk.com.tr](<http://danacisucuk.com.tr>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **geeknik**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**

Vulnerable URL: [image omitted]

**Screenshot:** ![danacisucuk.com.tr vulnerability](/twimages/screen-1099185.jpg)

**Mirror:** [Click here to view the mirror](<http://1099185.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 21 February, 2020 15:28 GMT
---|---
Vulnerability Verified:| 21 February, 2020 15:41 GMT
Website Operator Notified:| 21 February, 2020 15:41 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 21 February, 2020 15:41 GMT