Open Bug Bounty ID: OBB-1112757
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: greenacrefn.com.au
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: geeknik
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Screenshot: ![greenacrefn.com.au vulnerability](/twimages/screen-1112757.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 7 March, 2020 13:59 GMT
Vulnerability Verified: 7 March, 2020 14:06 GMT
Website Operator Notified: 7 March, 2020 14:06 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 7 March, 2020 14:06 GMT
Vulnerability Fixed: 9 May, 2020 12:48 GMT