cegepdrummond.ca Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1109552

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| | |
|---|---|
| Affected Website: | **[cegepdrummond.ca](<https://www.cegepdrummond.ca>)** |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **g0bl1nsec** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |

**Screenshot:** ![cegepdrummond.ca vulnerability](/twimages/screen-1109552.jpg)

**Mirror:** [Click here to view the mirror](<http://1109552.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| | |
|---|---|
| Vulnerability Reported: | 3 March, 2020 16:44 GMT |
| Vulnerability Verified: | 3 March, 2020 16:57 GMT |
| Website Operator Notified: | 3 March, 2020 16:57 GMT |
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |
| Public Report Published [without any technical details]: | 3 March, 2020 16:57 GMT |