Open Bug Bounty ID: OBB-1148554
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: dissolt.ru
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: H_chabik
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Coordinated Disclosure Timeline
Vulnerability Reported: 21 April, 2020 21:21 GMT
Vulnerability Verified: 11 May, 2020 08:07 GMT
Website Operator Notified: 11 May, 2020 08:07 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 11 May, 2020 08:07 GMT
Vulnerability Fixed: 8 May, 2020 20:58 GMT