Open Bug Bounty ID: OBB-1137517
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: adelaide.jollypeople.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: g0bl1nsec
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Coordinated Disclosure Timeline
Vulnerability Reported: 9 April, 2020 21:43 GMT
Vulnerability Verified: 9 April, 2020 21:57 GMT
Website Operator Notified: 9 April, 2020 21:57 GMT
      a. Using the ISO 29147 guidelines (done)
      b. Using publicly available security contacts (done)
      c. Using Open Bug Bounty notification framework (done)
      d. Using security contacts provided by the researcher (done)
Public Report Published [without any technical details]: 9 April, 2020 21:57 GMT