
zb.eco.pl Cross Site Scripting vulnerability OBB-1126611

Description

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website | **[zb.eco.pl](<http://zb.eco.pl>)** |
| Vulnerable Application | Custom Code |
| Vulnerability Type | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by | **g0bl1nsec** |
| Remediation Guide | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |

**Vulnerable URL:** [shown only as an image in the original report; not reproduced]

**Screenshot:** ![zb.eco.pl vulnerability](/twimages/screen-1126611.jpg)

**Mirror:** [Click here to view the mirror](<http://1126611.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Event | Date |
|---|---|
| Vulnerability Reported | 28 March, 2020 19:43 GMT |
| Vulnerability Verified | 28 March, 2020 19:52 GMT |
| Website Operator Notified | 28 March, 2020 19:52 GMT |
| Public Report Published [without any technical details] | 28 March, 2020 19:52 GMT |

Website operator notification channels used (all marked done):

a. Using the ISO 29147 guidelines
b. Using publicly available security contacts
c. Using Open Bug Bounty notification framework
d. Using security contacts provided by the researcher