irandrupal.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1110040

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[irandrupal.com](<https://irandrupal.com>)**
---|---
Open Bug Bounty Program:| **Create your bounty program now**. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **kun-fly**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**
Export Vulnerability Data:| Bugzilla Vulnerability Data; JIRA Vulnerability Data [ Configuration ]; Mantis Vulnerability Data; Splunk Vulnerability Data; XML Vulnerability Data [ XSD ]

Vulnerable URL: (shown as an image on the original page; not reproduced here)

Research's Comment: (shown as an image on the original page; not reproduced here)

**Screenshot:** ![irandrupal.com vulnerability](/twimages/screen-1110040.jpg)

**Mirror:** [Click here to view the mirror](<http://1110040.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 4 March, 2020 15:03 GMT
---|---
Vulnerability Verified:| 4 March, 2020 15:13 GMT
Website Operator Notified:| 4 March, 2020 15:13 GMT

a. Using the ISO 29147 guidelines| ![](/images/done.png)
---|---
b. Using publicly available security contacts| ![](/images/done.png)
c. Using Open Bug Bounty notification framework| ![](/images/done.png)
d. Using security contacts provided by the researcher| ![](/images/done.png)

Public Report Published [without any technical details]: 4 March, 2020 15:13 GMT