Open Bug Bounty ID: OBB-1137623
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: bw.vc
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: Mughiwara
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Screenshot: ![bw.vc vulnerability](/twimages/screen-1137623.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 10 April, 2020 01:05 GMT
Vulnerability Verified: 10 April, 2020 01:16 GMT
Website Operator Notified: 10 April, 2020 01:16 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 10 April, 2020 01:16 GMT