Open Bug Bounty ID: OBB-1126916
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: dwarslaesie.nl
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: g0bl1nsec
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Screenshot: ![dwarslaesie.nl vulnerability](/twimages/screen-1126916.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 28 March, 2020 20:25 GMT
Vulnerability Verified: 28 March, 2020 20:38 GMT
Website Operator Notified: 28 March, 2020 20:38 GMT
      a. Using the ISO 29147 guidelines (done)
      b. Using publicly available security contacts (done)
      c. Using Open Bug Bounty notification framework (done)
      d. Using security contacts provided by the researcher (done)
Public Report Published [without any technical details]: 28 March, 2020 20:38 GMT