farmiq.co.uk Cross Site Scripting vulnerability

2020-03-09T03:44:00

Description

Open Bug Bounty ID: OBB-1114143 Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence. Affected Website:| **[farmiq.co.uk](<http://farmiq.co.uk>) ** ---|--- Open Bug Bounty Program:| **Create your bounty program now**. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines Discovered and Reported by:| **Dipu1A ** Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** Export Vulnerability Data:| Bugzilla Vulnerability Data JIRA Vulnerability Data [ Configuration ] Mantis Vulnerability Data Splunk Vulnerability Data XML Vulnerability Data [ XSD ] Vulnerable URL: ![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAA3CAIAAABVZQ1/AAAACXBIWXMAAA7EAAAOxAGVKw4bAAASfUlEQVR4nO2dfUwUxxvHVzzpcSwox4EKpyAxiMRg0yilLb5EjTWUkCtFTPGiqNRSg4iEWqTGUmqQ4EuMNtQYbdA/1BhDKGkMNbQxF0otKl2vV3pe0ZwXRCoHgj0RjpP9/bH5Tba7s3N7Byton89fN8u8PPPsDM/u3Nx3prAsSwEAAACAAgRMtAEAAADAKwvEGAAAAEApIMYAAAAASgExBgAAAFAKiDEAAACAUkCMAQAAAJRiUsSYefPm3b59Wyr53wSc4B/gNwCYVEx8jPn9999HR0cXL16MTf43ASf4B/gNACYbXmLM/fv3Q0JCsH8aGBg4ePCgVFI+DQ0NGRkZ2OTu3buDgoLOnj3rR7UECJ16MXg1ADnBD6/K6d2Ee8An5DtBMJYm3B6lGct99KPs48ePt2zZEhERER0d/dlnn42MjPjRrkzvnT17duHChUFBQQsXLjxx4oRP1fI/+zQd7t+/HxYW5rUtwDdYIna7naZpOX8i5CSTnJx89epVcdLpdAYEBDAM4/F4/KiWzNDQ0LjXKR+vvkJO8M+rcno3sR7wCflOEIylCbdHacZiiR9lMzIycnJyOjs7rVZrampqaWmpQu2eOnVKr9d///33Tqfz2rVr8+fPr6iokF+t1GevZe12+4wZM2R1A5DNBK+VPXz40GazrVy5Upx0uVwajWbx4sVTp04d93Zfe+21ca9zvBD4xA/k9G4ye8A/xu43gMCzZ8/a2tpOnToVHR29YMGCo0ePXr58WaG2Kioqvv322/feey88PHzFihWXLl2qqqp6+vSpQs2pVKr4+Hj+B2A8IYcgLsIfO3YsNjZWq9Uajcb+/n6WZfv7+1ENtbW1/OSRI0domq6uro6MjJwxY8amTZsGBwel6j958mR2drY46XQ6+fW3trampKSo1WqdTpeVldXZ2Ylsq6ys1Ol0s2bNOn36NHfl8OHDsbGxGo0mOzvb6XSWlJTodDqtVpubm+tyuVjRo01nZ+fatWs1Gk1cXNzRo0exDzIej6e0tDQyMlKj0WRlZTmdTpZlXS7X9u3bdTqdXq8vLy8XvG+J3/NQzfw/WSwWrVZrMpnEThA4WdxflmXFnhE/xHEOmTFjRk5ODnf75ORhWbarqystLY2m6djY2MOHD5Mf8YaGhrZu3UrT9Ny5c/fv3+/xeLKzsw8cOIAypKSk1NbWYnMSzBA4getyamoqTdNRUVGZmZnt7e3isYRtQr49BJ+I7RGDtRBrEvYOsrixzeIGodT05MPlEc9HqbJS+QWcP39++fLlWKsI/ZLjPS6P2+0WuJSbvF6r/eabb8SzBtUjdRfENDY2Sv0J8Anv7zEul4thmJaWltbW1q6urtLSUoqipk+fbrVaaZoeGhoyGo385Pvvv+9yuVpbW2/evHnz5s22trbq6mqpyqW+jAkPD+fX39bWtn379u7ubovFotfrCwoKkG1Wq9VisdTW1qampiJrm5ubGYbp6upKSEhwOp1ms/n69et2u72srExsQ0FBQWhoqNVqvXr1am1tLdbO6urqpqampqYmm80WFRXV3t5OUVRhYWFXV1dbW1tjY2NDQ0NNTY1XZwoYGBjIzMysqqpatmyZ2AkCJ2P7K+UZhMvlMpvN3O1zOBxYD0jlKSgoCAwM7OjoaGpqOnfuHLkvFRUVg4ODZrO5sbHRZDJx//Hr6+u5vz58+JBhGIPBgM1JMEPshPT09NzcXIfD0dzcnJqaqlarBX6TasIne6R8IrZHDNZCqV7LH9vYQYidnuL7i52PUmW9zt87d+6UlJQcPnxYyiqpfgm8FyGCa12tVk+bNo3f4tKlS4ODg+VU+9FHHxFukNRdEJObm7t69epbt25JZQDkQg5BdrudoqgnT55wyZaWlri4OPQn7PcxXBGHw8Fdr6urW7JkCffZ4XDExsaiIi6Xi6bpvr4+bFJqIbWjo2PWrFmoIZQfXUGPcs3NzQEBAegprKWlZf78+YKaPR6PWq3mW4t9Wo+MjGxra+Nf8Xg8NE3fu3ePSzY0NKSkpAhc5/U9Ji0tbceOHfxSBCeI+4v1jLgIun3Nzc3c7ZOTh/MM6qCUZxA6nY570mRZlmGY5OTkwcHB0NBQzrc1NTUZGRlSOQlmCKzt6+tTqVTiL5MEfsM2Id8egjGs9MgkW4g1SQBhbLO4QUiYnoI84vkoVZYwfzk6Ozvj4uIuXrwoZRWhX+y/vdcpgvXmXjnVEr6PkXMXOFwuV2VlpVarzc7OttlscuwBsKi8BiGaptHGjKioqL6+Pq9F1Gr1nDlzuM8JCQkOhwMVb2lpQdmuXr2anJyMNnIIknx+++23PXv2tLe3u93u0dHR0dFRZJsgP03T06dP5z7r9frQ0NCgoCDUOn8JjuPRo0cURfGtFbc+MDDQ19eXlJQkKOh2u+fNm4cKcpNTPp9//nljY+Pp06f5FwlOoHD9lfIMvwi6fXq9Hnv7sHkePXo0OjrK7yDKzz1vcvT09FAU9fjxY6fTGRsby10cHR1VqVRBQUFpaWn19fU7d+6sq6vLzc2Vyinf1LCwsKysrJSUlFWrVkVFRS1ZsmTFihUCv0k14ZM9cozBugJrIaHXMsc2dhBS8qan1HyUKiuVnyMrK6uoqGjDhg0Eqwj94hMdHS2+qFKpPB6P+Lr8aqUg3AUxwcHBe/fuzc/P37p1a2Jion+b6ACKorzHmHFk6tSps2fPRknCrmUBBoMhLy/v5MmTarW6s7Nz3bp1itsqYny3HgwODtbV1V28eLGgoCAzMxPFRV93306IZxiGEVwZGhoKCAi4efMmmrQBAQEURWVnZ3/99ddGo7G1tbWuro6QUz4XLly4deuWxWLp6uoqLi5+++23T5w4wfcboQmZ9rjdbr9dgbWwrKxMyiSf7qAS+1984uHDh2az+ZdffuFfxFolp1/8CM3R09PDLXONjIzwl8tu3bqVkJAQHBw8lgHv69i7e/fu/v37TSZTRUWF/FYAIeTXHJlfXLPSa2X19fWCd20Oj8ej0+nQUowgya/w0aNHKpUKXWcYhrNB/E5NsJafJKyV1dfXS62VMQwjsJ+8VvbkyZOAgAD+egvfdSqVivsqOD09vaCgwKsTsP3FeoZQBOsBqTycZ+x2O3fd61oZTdPiNZOhoSGtVnvs2LHMzExyTvkjjQ/DMHq9Xuw3bBPy7fE6kOTv+uUslDJJ/thmcYOQbCe6iJ2PhLFBmL8ej4fvZ6xVhH4J2sWulbEsq9frm5qaUHGLxaLRaFwul8xqCcNbamCIyc/Pp2m6uLgY7WIA/MP/GONyuVQqFVqpRElujHJbPiwWy+uvv15eXo5qQOvUJpNp0aJF6LogKWg6MjKypqamv7/fZrMZDIZxjDEsyxoMBr61qAh/Sb2ysjI5OdlsNnd2dhYUFHDbwPLy8jIyMhwOh8VieeONN44fPy4omJycnJeX193dbbPZUlNTsfPBarWq1Wqz2Yx1At/JUv93BJ4ZrxjDsmxWVpbBYLDb7RaLJSkpiRxj8vPzU1JSuIf36upq9IOGnJyc0NDQS5cukXPKHGnt7e3r1q376aefnE6nw+HIy8tLT08X+03KGJn2kAeSYOQLwFpIMEnm2GZxg5BgJxqEUvORHGOk5i8r+mUVdmpI9cur9zj4v48xmUyJiYloQ6Ccavmfnzx5olKprFYrt4WMMDAEGI1G9IAFjAX/YwzLsuXl5RqNBu1B5JLc3uWqqirx3kd+bSUlJWVlZagqQVKQ2WQyLVmyRK1Wz5o1q7i4eHxjDH/vMtqhK8jj8Xj27Nmj0+nUarXBYCDsXeYX7OjoWLVqFU3TiYmJx48fl3owLyws5LaBip3AdzL2/47YM+MYY7q7u9PT07m9y1VVVV73LhcVFen1eo1Gk5aWhp526+vraZrm73/F5pQ50txud3l5eXx8fGBgYGRkpNFo7O7uFvtNyhiZ9nh9PxCMfD5YCwkmyRzbLG4Qyr+/4vlILoudv1hXYKeGVL+8eg9RW1ubkJCgVqvj4+PR05v8avmfS0tL0WfCwAAUwkuM8QOZKwnx8fHXr1+XSk4U2NWGF8YkcQIWq9UaGRk50Vbgmcx+m3B8WtnzIz8AkHmh3/nzuXPnDiH532QyO4FhmLi4uIm2As9k9hsA/McZq5YMSKnL5GV01FdffXXmzJmenp5ff/21rKwsPz/fv3pu3779ySefEDKMjIx8+OGHf//9t3/1AwAwaRlTjAEpdZm8pI5auXJlTU2NXq83Go2FhYWbN2/2r57c3Fz0owQs06ZNCwwMLCkp8a9+AAAmLWOKMdgfc8TExPzzzz/yK5Ejvu23mrqgcq+HBcTExDx+/NiPhsj4rTk/XiL8/omWz50712azDQ8P//XXX7t27ZJfkH+/ent7zWZzUVERl+zp6dm4cWN4eHh0dPTu3buHh4e560VFRU1NTb5aCHjF1/noa34AIDP+McZXYmJixD+/F9Df319ZWTnGynt7e48fP379+nUpmSnleDHnmkwe+PeL089GMs+bNm1Sq9UWi8VkMpnN5n379nHXtVqty+WaGHMBAFAM/7/zH0cpdUV15lHl6LAA5drCAprziKdPn167ds3pdHL6hlVVVTk5OYcOHZpouwAAUArf3mN++OEH9LmhoWHt2rWc3sONGzeWLVsWEhISHR39wQcf/PnnnxRFPX/+fO/evTNnzgwODl6/fn1vby/1/8WfgwcPRkREzJ49+8yZM/xD6EJCQg4dOjRz5sywsLDNmzc/e/aMoqiBgYHY2FiXyzVlyhRumYtvBtlOVHlvby+/ErEZXC/eeuutoKCgiIiI9evXP3jwANVw5MiRefPmBQcHb9iwobe399NPP42IiAgPD9+yZQs61mJ4eHjbtm0hISExMTFffPHF8+fPxY6iKOrp06cff/xxRETEnDlzvvzyy+fPn/ObCAsL27hx48DAALZf4rJSZlMU9eDBg3fffTckJGTBggXnz58ne0yqEj7YDoo9Kb5fiODg4GfPnnEBhqIot9sdGBhIuH0AALzsyI0xN27cWL16NScjyMFf/8GKmUuJfotFyxFYUXGxmjpBdltsJ4fgsACsGQSVdTnnBUjJhgsWyrAnAshR4JcqK2U2d2ZBe3v7lStX+DEGK6ju9YwAQgcFnpSjfs9x4MCBTZs2ia+DrDoAvDp4/QWNzWbLzs7WarWVlZVIFpsvpS4lZo4V/RaLlksJnfFFxQW/C8PKbmPtJKgYUTJ08lFOr+cFsBKy4QLNeazKmV2erL1XhTS+2YQzC6REorB996qLjvUkWWaNo7y8fM2aNeiQKH42kFUHgFcG79/HJCYmpqen37t3D2kDU/+WUseKmRNEv8UC9QiyqDgCK7uNtZOAfJ18OecFSMmGC7T6pU4EkKMkL1UWazbhzAKsoLpXyXSyJr+vm9a+++67c+fOtba2YiV7QVYdAF4ZvK+VVVRUmEymHTt23L17F10UrP9cuHDh9OnTSUlJbre7uLh4586d3HXlpMjv3r3LCfAh2W2snT5hMBiWL19uMpkYhrly5YpPZZFsOMMwDMOYzWZO9f0F7Cjz1WzsWpnXSqQ66Ad//PFHfn5+XV1deHi4VB7x/QUA4KVEzsuO0+ksKiqiaTo/P5/FSdDzQWLmWNFvgpAlQVRcUEpKdltgJ0tcK5Ojky/OKaWzyeJkw8WOklorkyNrjy0rZTbhzALxWpnMvsvR5BdfFGTo6+ubP3/++fPnCUVAVh0AXhl80MS02+1Go5EVSdBLiZljRb+9xhisqLhAD5wsu43sZH2JMaw8lXVCjBHLhos151nciQCEJgTK5NjTBKTUzqXOLMCCrUSOLjrWk/z75XA41Go1d93j8axZs6awsHCIB/enjo4OZCHIqgPAK4M/ussCKXUpMXOs6Dc5xhBExeXogYvxKcbIUVknxBixbDhWq198IgC5Cb4yOfY0ASm1c+7MApqm4+Pj0ZkFUkhV4lUXnfCVPldwaGhIrVajI3AEr9GoocuXLyclJREsBADgZWQKy7K+Lq8tWLDg3Llzb7755thX6vjcv39/0aJFr5KOhUKOeunYtWuXxWL58ccfpTIMDw8nJCTs27dv27ZtL9IwAACUxp8YoxCvXowBOEZGRhiGWbp0KSHPzz///M4777wwkwAAeDFAjAEAAACUYqznxwAAAACAFJPoPQYAAAB4xYD3GAAAAEApIMYAAAAASgExBgAAAFAKiDEAAACAUkCMAQAAAJQCYgwAAACgFBBjAAAAAKWAGAMAAAAoBcQYAAAAQCkgxgAAAABKATEGAAAAUAqIMQAAAIBSQIwBAAAAlAJiDAAAAKAUEGMAAAAApfgfD068WOno3jQAAAAASUVORK5CYII=) --- **Screenshot:** ![farmiq.co.uk vulnerability](/twimages/screen-1114143.jpg) **Mirror:** [Click here to view the mirror](<http://1114143.openbounty.org/mirror/>) ### Coordinated Disclosure Timeline Vulnerability Reported:| 9 March, 2020 03:44 GMT ---|--- Vulnerability Verified:| 9 March, 2020 03:53 GMT Website Operator Notified:| 9 March, 2020 03:53 GMT a. Using the ISO 29147 guidelines| ![](/images/done.png) ---|--- b. Using publicly available security contacts| ![](/images/done.png) c. Using Open Bug Bounty notification framework| ![](/images/done.png) d. Using security contacts provided by the researcher| ![](/images/done.png) Public Report Published [without any technical details]:| 9 March, 2020 03:53 GMT

{"id": "OBB:1114143", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "farmiq.co.uk Cross Site Scripting vulnerability ", "description": " \n\n\nOpen Bug Bounty ID: OBB-1114143\n\nFollowing coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: \n\n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; \n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence.\n\nAffected Website:| **[farmiq.co.uk](<http://farmiq.co.uk>) ** \n---|--- \nOpen Bug Bounty Program:| **Create your bounty program now**. It's open and free. \nVulnerable Application:| Custom Code \nVulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\\(XSS\\)>)** / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines \nDiscovered and Reported by:| **Dipu1A ** \nRemediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** \nExport Vulnerability Data:| Bugzilla Vulnerability Data \nJIRA Vulnerability Data [ Configuration ] \nMantis Vulnerability Data \nSplunk Vulnerability Data \nXML Vulnerability Data [ XSD ] \n \nVulnerable URL:\n\n![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAA3CAIAAABVZQ1/AAAACXBIWXMAAA7EAAAOxAGVKw4bAAASfUlEQVR4nO2dfUwUxxvHVzzpcSwox4EKpyAxiMRg0yilLb5EjTWUkCtFTPGiqNRSg4iEWqTGUmqQ4EuMNtQYbdA/1BhDKGkMNbQxF0otKl2vV3pe0ZwXRCoHgj0RjpP9/bH5Tba7s3N7Byton89fN8u8PPPsDM/u3Nx3prAsSwEAAACAAgRMtAEAAADAKwvEGAAAAEApIMYAAAAASgExBgAAAFAKiDEAAACAUkCMAQAAAJRiUsSYefPm3b59Wyr53wSc4B/gNwCYVEx8jPn9999HR0cXL16MTf43ASf4B/gNACYbXmLM/fv3Q0JCsH8aGBg4ePCgVFI+DQ0NGRkZ2OTu3buDgoLOnj3rR7UECJ16MXg1ADnBD6/K6d2Ee8An5DtBMJYm3B6lGct99KPs48ePt2zZEhERER0d/dlnn42MjPjRrkzvnT17duHChUFBQQsXLjxx4oRP1fI/+zQd7t+/HxYW5rUtwDdYIna7naZpOX8i5CSTnJx89epVcdLpdAYEBDAM4/F4/KiWzNDQ0LjXKR+vvkJO8M+rcno3sR7wCflOEIylCbdHacZiiR9lMzIycnJyOjs7rVZrampqaWmpQu2eOnVKr9d///33Tqfz2rVr8+fPr6iokF+t1GevZe12+4wZM2R1A5DNBK+VPXz40GazrVy5Upx0uVwajWbx4sVTp04d93Zfe+21ca9zvBD4xA/k9G4ye8A/xu43gMCzZ8/a2tpOnToVHR29YMGCo0ePXr58WaG2Kioqvv322/feey88PHzFihWXLl2qqqp6+vSpQs2pVKr4+Hj+B2A8IYcgLsIfO3YsNjZWq9Uajcb+/n6WZfv7+1ENtbW1/OSRI0domq6uro6MjJwxY8amTZsGBwel6j958mR2drY46XQ6+fW3trampKSo1WqdTpeVldXZ2Ylsq6ys1Ol0s2bNOn36NHfl8OHDsbGxGo0mOzvb6XSWlJTodDqtVpubm+tyuVjRo01nZ+fatWs1Gk1cXNzRo0exDzIej6e0tDQyMlKj0WRlZTmdTpZlXS7X9u3bdTqdXq8vLy8XvG+J3/NQzfw/WSwWrVZrMpnEThA4WdxflmXFnhE/xHEOmTFjRk5ODnf75ORhWbarqystLY2m6djY2MOHD5Mf8YaGhrZu3UrT9Ny5c/fv3+/xeLKzsw8cOIAypKSk1NbWYnMSzBA4getyamoqTdNRUVGZmZnt7e3isYRtQr49BJ+I7RGDtRBrEvYOsrixzeIGodT05MPlEc9HqbJS+QWcP39++fLlWKsI/ZLjPS6P2+0WuJSbvF6r/eabb8SzBtUjdRfENDY2Sv0J8Anv7zEul4thmJaWltbW1q6urtLSUoqipk+fbrVaaZoeGhoyGo385Pvvv+9yuVpbW2/evHnz5s22trbq6mqpyqW+jAkPD+fX39bWtn379u7ubovFotfrCwoKkG1Wq9VisdTW1qampiJrm5ubGYbp6upKSEhwOp1ms/n69et2u72srExsQ0FBQWhoqNVqvXr1am1tLdbO6urqpqampqYmm80WFRXV3t5OUVRhYWFXV1dbW1tjY2NDQ0NNTY1XZwoYGBjIzMysqqpatmyZ2AkCJ2P7K+UZhMvlMpvN3O1zOBxYD0jlKSgoCAwM7OjoaGpqOnfuHLkvFRUVg4ODZrO5sbHRZDJx//Hr6+u5vz58+JBhGIPBgM1JMEPshPT09NzcXIfD0dzcnJqaqlarBX6TasIne6R8IrZHDNZCqV7LH9vYQYidnuL7i52PUmW9zt87d+6UlJQcPnxYyiqpfgm8FyGCa12tVk+bNo3f4tKlS4ODg+VU+9FHHxFukNRdEJObm7t69epbt25JZQDkQg5BdrudoqgnT55wyZaWlri4OPQn7PcxXBGHw8Fdr6urW7JkCffZ4XDExsaiIi6Xi6bpvr4+bFJqIbWjo2PWrFmoIZQfXUGPcs3NzQEBAegprKWlZf78+YKaPR6PWq3mW4t9Wo+MjGxra+Nf8Xg8NE3fu3ePSzY0NKSkpAhc5/U9Ji0tbceOHfxSBCeI+4v1jLgIun3Nzc3c7ZOTh/MM6qCUZxA6nY570mRZlmGY5OTkwcHB0NBQzrc1NTUZGRlSOQlmCKzt6+tTqVTiL5MEfsM2Id8egjGs9MgkW4g1SQBhbLO4QUiYnoI84vkoVZYwfzk6Ozvj4uIuXrwoZRWhX+y/vdcpgvXmXjnVEr6PkXMXOFwuV2VlpVarzc7OttlscuwBsKi8BiGaptHGjKioqL6+Pq9F1Gr1nDlzuM8JCQkOhwMVb2lpQdmuXr2anJyMNnIIknx+++23PXv2tLe3u93u0dHR0dFRZJsgP03T06dP5z7r9frQ0NCgoCDUOn8JjuPRo0cURfGtFbc+MDDQ19eXlJQkKOh2u+fNm4cKcpNTPp9//nljY+Pp06f5FwlOoHD9lfIMvwi6fXq9Hnv7sHkePXo0OjrK7yDKzz1vcvT09FAU9fjxY6fTGRsby10cHR1VqVRBQUFpaWn19fU7d+6sq6vLzc2Vyinf1LCwsKysrJSUlFWrVkVFRS1ZsmTFihUCv0k14ZM9cozBugJrIaHXMsc2dhBS8qan1HyUKiuVnyMrK6uoqGjDhg0Eqwj94hMdHS2+qFKpPB6P+Lr8aqUg3AUxwcHBe/fuzc/P37p1a2Jion+b6ACKorzHmHFk6tSps2fPRknCrmUBBoMhLy/v5MmTarW6s7Nz3bp1itsqYny3HgwODtbV1V28eLGgoCAzMxPFRV93306IZxiGEVwZGhoKCAi4efMmmrQBAQEURWVnZ3/99ddGo7G1tbWuro6QUz4XLly4deuWxWLp6uoqLi5+++23T5w4wfcboQmZ9rjdbr9dgbWwrKxMyiSf7qAS+1984uHDh2az+ZdffuFfxFolp1/8CM3R09PDLXONjIzwl8tu3bqVkJAQHBw8lgHv69i7e/fu/v37TSZTRUWF/FYAIeTXHJlfXLPSa2X19fWCd20Oj8ej0+nQUowgya/w0aNHKpUKXWcYhrNB/E5NsJafJKyV1dfXS62VMQwjsJ+8VvbkyZOAgAD+egvfdSqVivsqOD09vaCgwKsTsP3FeoZQBOsBqTycZ+x2O3fd61oZTdPiNZOhoSGtVnvs2LHMzExyTvkjjQ/DMHq9Xuw3bBPy7fE6kOTv+uUslDJJ/thmcYOQbCe6iJ2PhLFBmL8ej4fvZ6xVhH4J2sWulbEsq9frm5qaUHGLxaLRaFwul8xqCcNbamCIyc/Pp2m6uLgY7WIA/MP/GONyuVQqFVqpRElujHJbPiwWy+uvv15eXo5qQOvUJpNp0aJF6LogKWg6MjKypqamv7/fZrMZDIZxjDEsyxoMBr61qAh/Sb2ysjI5OdlsNnd2dhYUFHDbwPLy8jIyMhwOh8VieeONN44fPy4omJycnJeX193dbbPZUlNTsfPBarWq1Wqz2Yx1At/JUv93BJ4ZrxjDsmxWVpbBYLDb7RaLJSkpiRxj8vPzU1JSuIf36upq9IOGnJyc0NDQS5cukXPKHGnt7e3r1q376aefnE6nw+HIy8tLT08X+03KGJn2kAeSYOQLwFpIMEnm2GZxg5BgJxqEUvORHGOk5i8r+mUVdmpI9cur9zj4v48xmUyJiYloQ6Ccavmfnzx5olKprFYrt4WMMDAEGI1G9IAFjAX/YwzLsuXl5RqNBu1B5JLc3uWqqirx3kd+bSUlJWVlZagqQVKQ2WQyLVmyRK1Wz5o1q7i4eHxjDH/vMtqhK8jj8Xj27Nmj0+nUarXBYCDsXeYX7OjoWLVqFU3TiYmJx48fl3owLyws5LaBip3AdzL2/47YM+MYY7q7u9PT07m9y1VVVV73LhcVFen1eo1Gk5aWhp526+vraZrm73/F5pQ50txud3l5eXx8fGBgYGRkpNFo7O7uFvtNyhiZ9nh9PxCMfD5YCwkmyRzbLG4Qyr+/4vlILoudv1hXYKeGVL+8eg9RW1ubkJCgVqvj4+PR05v8avmfS0tL0WfCwAAUwkuM8QOZKwnx8fHXr1+XSk4U2NWGF8YkcQIWq9UaGRk50Vbgmcx+m3B8WtnzIz8AkHmh3/nzuXPnDiH532QyO4FhmLi4uIm2As9k9hsA/McZq5YMSKnL5GV01FdffXXmzJmenp5ff/21rKwsPz/fv3pu3779ySefEDKMjIx8+OGHf//9t3/1AwAwaRlTjAEpdZm8pI5auXJlTU2NXq83Go2FhYWbN2/2r57c3Fz0owQs06ZNCwwMLCkp8a9+AAAmLWOKMdgfc8TExPzzzz/yK5Ejvu23mrqgcq+HBcTExDx+/NiPhsj4rTk/XiL8/omWz50712azDQ8P//XXX7t27ZJfkH+/ent7zWZzUVERl+zp6dm4cWN4eHh0dPTu3buHh4e560VFRU1NTb5aCHjF1/noa34AIDP+McZXYmJixD+/F9Df319ZWTnGynt7e48fP379+nUpmSnleDHnmkwe+PeL089GMs+bNm1Sq9UWi8VkMpnN5n379nHXtVqty+WaGHMBAFAM/7/zH0cpdUV15lHl6LAA5drCAprziKdPn167ds3pdHL6hlVVVTk5OYcOHZpouwAAUArf3mN++OEH9LmhoWHt2rWc3sONGzeWLVsWEhISHR39wQcf/PnnnxRFPX/+fO/evTNnzgwODl6/fn1vby/1/8WfgwcPRkREzJ49+8yZM/xD6EJCQg4dOjRz5sywsLDNmzc/e/aMoqiBgYHY2FiXyzVlyhRumYtvBtlOVHlvby+/ErEZXC/eeuutoKCgiIiI9evXP3jwANVw5MiRefPmBQcHb9iwobe399NPP42IiAgPD9+yZQs61mJ4eHjbtm0hISExMTFffPHF8+fPxY6iKOrp06cff/xxRETEnDlzvvzyy+fPn/ObCAsL27hx48DAALZf4rJSZlMU9eDBg3fffTckJGTBggXnz58ne0yqEj7YDoo9Kb5fiODg4GfPnnEBhqIot9sdGBhIuH0AALzsyI0xN27cWL16NScjyMFf/8GKmUuJfotFyxFYUXGxmjpBdltsJ4fgsACsGQSVdTnnBUjJhgsWyrAnAshR4JcqK2U2d2ZBe3v7lStX+DEGK6ju9YwAQgcFnpSjfs9x4MCBTZs2ia+DrDoAvDp4/QWNzWbLzs7WarWVlZVIFpsvpS4lZo4V/RaLlksJnfFFxQW/C8PKbmPtJKgYUTJ08lFOr+cFsBKy4QLNeazKmV2erL1XhTS+2YQzC6REorB996qLjvUkWWaNo7y8fM2aNeiQKH42kFUHgFcG79/HJCYmpqen37t3D2kDU/+WUseKmRNEv8UC9QiyqDgCK7uNtZOAfJ18OecFSMmGC7T6pU4EkKMkL1UWazbhzAKsoLpXyXSyJr+vm9a+++67c+fOtba2YiV7QVYdAF4ZvK+VVVRUmEymHTt23L17F10UrP9cuHDh9OnTSUlJbre7uLh4586d3HXlpMjv3r3LCfAh2W2snT5hMBiWL19uMpkYhrly5YpPZZFsOMMwDMOYzWZO9f0F7Cjz1WzsWpnXSqQ66Ad//PFHfn5+XV1deHi4VB7x/QUA4KVEzsuO0+ksKiqiaTo/P5/FSdDzQWLmWNFvgpAlQVRcUEpKdltgJ0tcK5Ojky/OKaWzyeJkw8WOklorkyNrjy0rZTbhzALxWpnMvsvR5BdfFGTo6+ubP3/++fPnCUVAVh0AXhl80MS02+1Go5EVSdBLiZljRb+9xhisqLhAD5wsu43sZH2JMaw8lXVCjBHLhos151nciQCEJgTK5NjTBKTUzqXOLMCCrUSOLjrWk/z75XA41Go1d93j8axZs6awsHCIB/enjo4OZCHIqgPAK4M/ussCKXUpMXOs6Dc5xhBExeXogYvxKcbIUVknxBixbDhWq198IgC5Cb4yOfY0ASm1c+7MApqm4+Pj0ZkFUkhV4lUXnfCVPldwaGhIrVajI3AEr9GoocuXLyclJREsBADgZWQKy7K+Lq8tWLDg3Llzb7755thX6vjcv39/0aJFr5KOhUKOeunYtWuXxWL58ccfpTIMDw8nJCTs27dv27ZtL9IwAACUxp8YoxCvXowBOEZGRhiGWbp0KSHPzz///M4777wwkwAAeDFAjAEAAACUYqznxwAAAACAFJPoPQYAAAB4xYD3GAAAAEApIMYAAAAASgExBgAAAFAKiDEAAACAUkCMAQAAAJQCYgwAAACgFBBjAAAAAKWAGAMAAAAoBcQYAAAAQCkgxgAAAABKATEGAAAAUAqIMQAAAIBSQIwBAAAAlAJiDAAAAKAUEGMAAAAApfgfD068WOno3jQAAAAASUVORK5CYII=) \n--- \n \n**Screenshot:** ![farmiq.co.uk vulnerability](/twimages/screen-1114143.jpg)\n\n**Mirror:** [Click here to view the mirror](<http://1114143.openbounty.org/mirror/>)\n\n### Coordinated Disclosure Timeline\n\nVulnerability Reported:| 9 March, 2020 03:44 GMT \n---|--- \nVulnerability Verified:| 9 March, 2020 03:53 GMT \nWebsite Operator Notified:| 9 March, 2020 03:53 GMT \na. Using the ISO 29147 guidelines| ![](/images/done.png) \n---|--- \nb. Using publicly available security contacts| ![](/images/done.png) \nc. Using Open Bug Bounty notification framework| ![](/images/done.png) \nd. Using security contacts provided by the researcher| ![](/images/done.png) \nPublic Report Published \n[without any technical details]:| 9 March, 2020 03:53 GMT\n", "published": "2020-03-09T03:44:00", "modified": "2020-06-07T03:44:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/1114143/", "reporter": "Dipu1A", "references": [], "cvelist": [], "lastseen": "2020-08-18T22:04:25", "viewCount": 4, "enchantments": {"dependencies": {}, "score": {"value": 0.7, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.7}, "openbugbounty": {"patchStatus": "unpatched", "mirror": "http://1114143.openbounty.org/mirror/"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645521171, "score": 1684001907, "epss": 1679002791}, "_internal": {"score_hash": "959f97e735b8b98429dc6fdcea2100f0"}}