
aligator.cz Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1129210

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[aligator.cz](<https://www.aligator.cz>)**
---|---
Open Bug Bounty Program:| **Create your bounty program now**. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **roker**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**
Export Vulnerability Data:| Bugzilla Vulnerability Data; JIRA Vulnerability Data [Configuration]; Mantis Vulnerability Data; Splunk Vulnerability Data; XML Vulnerability Data [XSD]
Vulnerable URL:| (shown only as an image on the original page; not available in this extract)
Researcher's Comment:| (shown only as an image on the original page; not available in this extract)

**Screenshot:** ![aligator.cz vulnerability](/twimages/screen-1129210.jpg)

**Mirror:** [Click here to view the mirror](<http://1129210.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 30 March, 2020 17:05 GMT
---|---
Vulnerability Verified:| 30 March, 2020 17:15 GMT
Website Operator Notified:| 30 March, 2020 17:15 GMT
a. Using the ISO 29147 guidelines| done
b. Using publicly available security contacts| done
c. Using Open Bug Bounty notification framework| done
d. Using security contacts provided by the researcher| done
Public Report Published [without any technical details]:| 30 March, 2020 17:15 GMT