
gullid-asakura.jp Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1130250

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](https://www.iso.org/standard/45170.html)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website | **[gullid-asakura.jp](http://gullid-asakura.jp)** |
| Vulnerable Application | Custom Code |
| Vulnerability Type | **[XSS (Cross Site Scripting)](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS))** / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on **[ISO 29147](https://www.iso.org/standard/45170.html)** guidelines |
| Discovered and Reported by | **geeknik** |
| Remediation Guide | **[OWASP XSS Prevention Cheat Sheet](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md)** |

**Screenshot:** ![gullid-asakura.jp vulnerability](/twimages/screen-1130250.jpg)

**Mirror:** [Click here to view the mirror](http://1130250.openbounty.org/mirror/)

### Coordinated Disclosure Timeline

| Event | Date |
|---|---|
| Vulnerability Reported | 1 April, 2020 12:44 GMT |
| Vulnerability Verified | 1 April, 2020 12:50 GMT |
| Website Operator Notified | 1 April, 2020 12:50 GMT |
| Public Report Published [without any technical details] | 1 April, 2020 12:50 GMT |

Website operator notification methods used:

| Method | Status |
|---|---|
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |