Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
|---|---|
| Affected Website | espace-projets-interassociatifs.fr |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | g0bl1nsec |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL:
Screenshot: ![espace-projets-interassociatifs.fr vulnerability](/twimages/screen-1138090.jpg)
Coordinated Disclosure Timeline
| Event | Date |
|---|---|
| Vulnerability Reported | 10 April, 2020 10:52 GMT |
| Vulnerability Verified | 10 April, 2020 11:00 GMT |
| Website Operator Notified | 10 April, 2020 11:00 GMT |
| Public Report Published (without any technical details) | 10 April, 2020 11:00 GMT |
| Vulnerability Fixed | 12 May, 2020 13:49 GMT |

Website operator notification channels used (all completed):
  a. Using the ISO 29147 guidelines
  b. Using publicly available security contacts
  c. Using Open Bug Bounty notification framework
  d. Using security contacts provided by the researcher