
# quiltinginthecountry.com Cross Site Scripting vulnerability

## Description

Open Bug Bounty ID: OBB-1153991

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Affected Website: | **[quiltinginthecountry.com](<http://www.quiltinginthecountry.com>)** |
|---|---|
| Open Bug Bounty Program: | **Create your bounty program now**. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **Dipu1A** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Vulnerable URL: | (shown only as an image on the original page; not available as text) |

**Screenshot:** ![quiltinginthecountry.com vulnerability](/twimages/screen-1153991.jpg)

**Mirror:** [Click here to view the mirror](<http://1153991.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Vulnerability Reported: | 1 May, 2020 08:03 GMT |
|---|---|
| Vulnerability Verified: | 1 May, 2020 08:10 GMT |
| Website Operator Notified: | 1 May, 2020 08:10 GMT |

| a. Using the ISO 29147 guidelines | ![](/images/done.png) |
|---|---|
| b. Using publicly available security contacts | ![](/images/done.png) |
| c. Using Open Bug Bounty notification framework | ![](/images/done.png) |
| d. Using security contacts provided by the researcher | ![](/images/done.png) |

| Public Report Published [without any technical details]: | 1 May, 2020 08:10 GMT |
|---|---|
| Additional notification email sent: | 15 May, 2020 05:33 GMT |