melodyloops.com Cross Site Scripting vulnerability

2020-05-01T14:04:00

Description

Open Bug Bounty ID: OBB-1154138 Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence. Affected Website:| **[melodyloops.com](<https://www.melodyloops.com>) ** ---|--- Open Bug Bounty Program:| **Create your bounty program now**. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines Discovered and Reported by:| **roker ** Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** Export Vulnerability Data:| Bugzilla Vulnerability Data JIRA Vulnerability Data [ Configuration ] Mantis Vulnerability Data Splunk Vulnerability Data XML Vulnerability Data [ XSD ] Vulnerable URL: ![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAA3CAIAAABVZQ1/AAAACXBIWXMAAA7EAAAOxAGVKw4bAAASc0lEQVR4nO2df0xT1xfAn1hqKQ+QUqpSHD82EY1RRhjqxhKnmzrCSP2FzuFEJYrGOEbQKdsYIxsSrcahI2bZjDPEGeMMYcQ4U9nSMMYUsXZNhw1TrLUyLVi0YoHa9/3jfr8v7/t+3D6BajvP56/e++4799xz7uvpu+/13DEURREAAAAA4AdCnrUCAAAAwL8WiDEAAACAv4AYAwAAAPgLiDEAAACAv4AYAwAAAPgLiDEAAACAvwjcGJOUlHTlyhWhIhDsBIVDA1nJQNYNAGgCNMb8+eefXq931qxZvEUg2AkKhwaykoGsGwAw8RFjbty4ERERwXuor69v9+7dQsUR0tDQkJubK1QMfDB2E2ofHR09WtICnwB0KHcCIyVZxg8QX2AMSGuIn1SjxcGDB5OSksLDw2fPnn3+/Hl/dwcEHcO/j3E6nVVVVULFERLsMQbAE4AO5U5gXiUTEhIcDsdT1IufADHgwYMHDxw4cOTIEavVumPHjlWrVv3222/PWikgsJA8awV4uH37tsVimTdvHm8RCHaCwqG0kna7nXVo3Lhxz0QlGrwBJRJJSkoK84P/qK6urqure+ONNwiCWLZsmcPhqK6u/umnn/zaKRBciLqP+eqrr5KSkmJiYtasWdPX10cQRF9fX2JiosvlGjNmzPfff88s7t+/PyIiYu/evRMmTIiOjl67du2jR4+QnIsXL77++usRERFqtXrZsmV//fUXb3cNDQ0LFy4MDQ1lFZcsWbJ3715UeeXKlXHjxiFlCILYtGnT9u3b8Q2mTJmCP52pA1pw2LdvH1oHWLlyZU9Pz/bt22NjY2NiYtatW/fw4UPUcmBgYMOGDREREQkJCZ999tnjx4+5I3r48OGmTZtiY2MnT578+eefoza3bt1atGhRRETE1KlTjx8/jlp+/fXXixYtok/8+OOP165dK0aaUD0ayPDc8fjx4127dk2YMCE8PHzFihU9PT34XsSYi+Vfrg7ctSl6wUdoLJgxcrVFjXfv3h0bGztp0qTvvvuO4MxngjMJWRMDYx/e+cC0T3R09HvvvUfPPSEvYOYVrdv169fDw8MvX75MEERPT090dPQvv/yiVqsvXbpEEIRarf7jjz/QKT///DOBhW7Aq8/KlSu//PJLuvHcuXPRVW+327Oysuj69evXHzp0CN8R8LzhO8a4XC6DwdDS0nLhwgW73b5z506CIKKiojo6OkiSdLvd+fn5zOKSJUtcLteFCxfa2tra2tra29v37NmDROXk5BQUFFit1ubm5qysLJlMxtuj0EJZTk6OTqdDlY2NjV6v9+zZs6io0+mys7PxDTQaDf503oE3NzcbDAa73Z6amupwOIxGY2tra1dXV1lZGWpWWVnZ399vNBrPnj2r1+sPHz7MHdG2bdvsdnt7e/vZs2cbGhpqa2sJgti6dWtkZKTZbD5z5gwdYzQajV6vf/DgAT32pUuXipGGqR+2O/bs2aPT6XQ6ncViiYuLM5vN+F7EmIvlX5FTgukU3rEI1fNq63K5Ojo6TCbT0aNH0Vckaz4T4hajeO0jNB9cLpfRaETXkdVqpQ0iZAHMvKJ1S0pKKisrKy4uJgiivLw8Ozsb3VJwKSgoWLBgAYo9LC5evLhgwYKCggKMPnl5efX19ajB7du3DQaDRqNxuVwymYwZhkNDQxMSEvBGA547KCxdXV0EQdy/fx8VW1pakpOT6UMkSTJboiI6xWq1ovrTp09nZGRQFNXb2yuRSNxuN7cXq9WamJiIPrtcLpIke3t7uUW73S6Xy5GEzMzMkpKS1atXox4jIyMHBwfxDaxWK/507sCdTicqNjc3h4SE9Pf303Z46aWX0GelUulyudBng8GQmZnJMo7H4yFJ8tq1a6jY0NAwZ84cj8cjk8mYVho/fjz6PGfOnFOnTtFC3G63T2mY+mG4g0alUrW3tzNr8L2IMRfTobw6cOcVbRmhsQjV82qLGtMTjLdfppJC85zXPpTwfGBeR83Nzeg6wniBVw7FuUAGBwdTU1MrKiqUSmV3dzdXDn1WVVWVQqHIy8uzWCyo0mKx5OXlKRSKqqoq1JeQPv39/egKoiiqtrY2NzeXZYrS0lKlUqlUKunvBwBA+I4xmAteKMbIZDK63mw2q1Qq9HnVqlVpaWklJSVarfbXX3+l23g8Hrvdjj6fPn16/vz59CFWMS0trampqbu7Oz4+3ul0qlQqj8fz7bffLl26VEwDn6eLGTiz2NvbSxCE8n8oFAo0WObpdrtdKpXS51oslokTJ9rtdpaVaPnV1dUFBQUURR06dCgvL0+MNEz9MNyBcDqdEonE4/EwKzG9iDEXxXEoVwf8lOMdi1A9r7Ys+cyO6HqmkkLznNc+YuYDa1C8XhCSwzUgRVHo7rympoY7KBa9vb0ajUYikaCiRCLRaDT0LwOMPqgedfHmm2/W1dVRFGWz2WizO51Om83W2trK9DsAUBT1VJ/5//DDD5cuXTKZTHa7vaSk5NVXXz148CBBEGPHjp00aRJqg3+jLDs7W6fTXbt2LScnJyoqKi0tTa/XM1e68A18nv6kuN3ukJCQtrY2ieS/lgwJGelfjpYuXYoWcBobG+kVDH8g5A4mY8eOHd1OWQ7l6lBaWjq6PQ4D8W9tsewzjPnA6wWMHK5u3d3dISEh3d3d+I7+/vvv8vJyvV5fWVmJaiorK7Va7ZYtWyorK1988UWMPgRB5OXlHTp0KD8//8KFC6dPnyYIAt1kDw0NhYaGRkVFRUVF3blzRy6X+7IZ8JyBD0HDu48hGAsX9fX1aOGChcFgiI+PZ1V6PB6lUkkvbrCKFEW1tLRkZmbm5uaeOXOGoqja2tpt27ah2wIxDXyeLmbgrCJJktwFkyddK6uvr2fKnzFjhk6nGz9+PFpdGcW1sidyh0qlMhgMzBpML2LMxXUoV4f79++HhIQwl5WE1srosQjVC62V4e9jWEri18pY9qFEzAeufVgWwMjhGtDpdE6cOPHEiRMKhcJsNnNlIoqKikiSLCkpcTgczHqHw1FcXEySZFFREV4ft9utUCgOHDjAvOmPi4tj3utotdrFixcL6QA8nww/xrhcLolEQq/t0kV0wS9fvtxms5lMprS0tIqKCoqizGbz4sWLm5qaHA6H1WotLCzMycmhJaMlYL1eP2PGDLqSVUSoVCqVSoXa22y2yMjItLQ08Q3wR+mVaPExpqioaM6cOeh33549eyorKymKun//vkQi6ejoQGsphYWFubm5VqvVZDKlp6ejNQeNRsO0ElN+eXn5zJkzafuIkSZU/6TuYK7FV1VVZWZmGo1Gm822detWvV6P6UWMuVgOFdIhMzOzsLCwu7vbYrFkZWWxYgx3LEL1vNoKxRh6ArOUZBmfeTqvfXjng5B9MBcFrxzuFbFlyxa0oPrFF1/MmzePOy5Efn5+V1eX0NGurq78/Hy8PhRFrV69OjIy8uTJk3RNTU1NcnJyU1PTnTt36urqFApFS0uLUC/A88nwYwxFURUVFXK5/OjRo8zivn37SJKsrq5WqVTjx49///330bPfwcHBioqKlJQUqVSqUqny8/PpR5R0L6WlpWVlZbR8VhGxevXq5cuX08WMjAxWG3wDzFHmYMXHGLfbXVxcHB8fL5fLs7Oz6d+YO3fupI3jcrk2btyoVCrj4+MrKirQt5XNZlu4cCFJkikpKVqtlinfYDAQBEEbVow0oXo0EJHuYI3a4/Hs2LFDqVTKZDKNRoN+AmN68WkulkOFpkRnZ+f8+fNJkpw+fXpNTQ3r1pk7FqF6Xm2FYgz1vwn89ttvs2YU0/ise0qufXjng5B9MBcFrxyWAdva2kiSRDdwbrc7MTHx2LFjvEMTCUYfiqLq6+tJkqRti6ipqUlMTJRKpenp6U1NTSPpHfhX4iPGDAPMNeyTlJSU1tZWoeLzA3orlPvu0zAYiTtGnRE6VMzj+pETyLMukHUDAF4C63/+V69exRSfH86dO5eVlfUUkk09ZYLCoYGsZCDrBgC8BGje5WDnypUrmzdvFjo6NDT07rvv/vPPP7xH+/r60FvLdA1kcQcAIEiBGOMXCgoKEhMThY6GhoZKpVKhl3TphwqoCFncAQAIXoIjxjydLOUjgZkZvqenx2g0ogwfBEHcu3dvzZo1MTExarX6o48+GhoaIgiiuLiYTmzDYmBg4Mcff6QTL9L/h7h37966detiY2NpOWLyzCckJNCZabh8+OGHYWFhKEMXl1HJYy9m0weRHQmNBT9GAACeIcERYwIfZmZ4l8sll8vpILF+/Xqv12s0GnU6nV6vR80UCoXL5RIjmY4xBQUFg4ODBoOhqamppaWlvLx8hHnme3p6ampqWltbUYYuLqOSx350N30AACC4gBjjXwYGBhobG2tra9Vq9bRp07Ra7cmTJ8WfTmdxf/ToUXt7+zfffKNWq6dOnbp///5Tp04RI8szj2LhrFmzMH/mf+Z57AEACGp8xxih7Oi8icqfSA6qv3jx4ty5c8PCwmJjY1esWHHr1i1Uz5v6nhd8yndWFveRpKYX6oibGZ7G7XZ7vV6pVIqKMpmsv7+fOwSh1Ot0FvewsLCbN2+Gh4ej+s7Ozri4OOYS05M6paenh6kzrxeYOyqyLClmDwJeywi5m4mY7RIAAAgKfMcYoezovInKn1QOQRDt7e0bN27s7u42mUzx8fFbt25F9byp7wmCiOVAYFO+s7K4jzA1PW9H3MzwNFFRUenp6WVlZUNDQw8ePKioqMjIyOAaRyj1Om/irKtXr5aWlmq1Wla9kFN4LRYTE8PUWcgLTOFMS4rZg4DXMj47IsRtlwAAQHCA//sMJjs6N1E5gvcPcUJ5rlh0dnaiPL6Y1Pc2DviU78x/Mo4wNb1QRxQ2R4DZbE5LS5NKpShd4Llz57hteFOvs7K408NPTk4+ceIEt1Mhp3AthvEU0wusHHQsTbh7EHBFYXrh7QghlNYeAICgw8d/MO/cuTM4OJiUlISKqamp6OuGJEl6lSY+Ph6lIh+GHIIgLl++vGPHDrPZPDg46PV6vV4vak8QxOTJk+n2tCi1Ws0SfuPGDZlMxmxstVrRZ5IkmS+kYdQgSTIqKooeUWRkZFhYGCrGxcXRj76FOsIwbdq0y5cv9/X1HTly5Pjx42+99Ra3TXh4+K5du4qKitavXz99+nT07tm5c+cyMzNZL9QtX768uLh45cqVXCFCTuFajAuvF1jCWZpoNJrGxsZly5Y1NjZmZ2ejJzfoJglx9+7dYXR07949h8NBv/nt9Xrp3MMAAAQdz/7q1Wg0hYWFhw8flslkNptt8eLF+PbMbzFEW1ub37QbNeRy+YEDBzA70XJTr3MXym7fvm00Gn///fcn6pprMe63/5N6gRDYgwBlWsPgsyN/bJcAAMCzwkeMUalUUqn0+vXr6Ld/R0cH5q+Fw5Bz9+5du93+6aefomb07YJKpSII4ubNm+imwWKx0KK432Iej8ftdjMbv/DCC34ajsiOuBw9elSpVL7zzju8Rzdv3lxXV7dx40aLxRITE0MQxOPHjxsbG8vLy1n6m0ymJ1KYEPG9L+QFPFOmTFGpVOfPn29tbaVflsPfM4npaNKkSXK5vLe39+WXXxajBgAAAY3P1TSf2dG5SXbR6jwTj8cjlJFepVLV1tY6nU6LxaLRaGhRmNT3LDAp37lPAkaSmh6TQ56504HVamVuy0hRlMfjSU5ObmhooGs6OzuZXXBTr/Pua0D9f+598YmieWFthcL1AvN5DO8zFdYeBLyw9oDg7YiVP583rT0AAMGI7xjjMzs69xuZG8kOHz4slJFer9dnZGTIZLKJEyeWlJQwn+0Lpb5ngU/57nM43JaYGCOUQ55i7HTgdrtlMhn9rUpR1LFjx9LT05lqnDp1aubMmRiz8+5rwBvOuZ+5LXlhnsLrBZ8xhrsHAS/MPSCE3M3Mny+0XQIAAEHHGIqinuZtkz+4cePGjBkznkI2EfEdffDBByaT6fz587xHBwYGUlNTP/nkkw0bNghJmDp16rFjx2bPnj18df3Pw4cPlUql3W4P8Ew/AAA8K579M/9/JVqtFvMUZNy4cXV1da+99hpGQlBkcf+37kEAAMBoAW/s+IXQ0NBXXnkF0wAfYIIC7h4EAAAALCDGAMOEtQcBAAAAl3/D8xgAAAAgMIH7GAAAAMBfQIwBAAAA/AXEGAAAAMBfQIwBAAAA/AXEGAAAAMBfQIwBAAAA/AXEGAAAAMBfQIwBAAAA/AXEGAAAAMBfQIwBAAAA/AXEGAAAAMBfQIwBAAAA/AXEGAAAAMBfQIwBAAAA/AXEGAAAAMBf/AcFgmnRGDuwkQAAAABJRU5ErkJggg==) --- Research's Comment: ![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAAjCAIAAADNIk3yAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAHhklEQVR4nO3cX0hT/xsH8DO1/TnM/5uZTZ12kYRFgoRRCOFNiFFdVGamYLFASmSMscJsWZSkDtNVIyQMujHSCy/MC4tQsTCxYSqWYc65GaXWbNlJp/4uPr8O+262nVnnG3x9v67Oec7n33MGezjnMxWsrKxQAAAAPAj62wsAAID/LNQYAADgC2oMAADwBTUGAAD4ghoDAAB8QY0BAAC+oMYAAABfUGMAAIAvnGpMfX39li1bRCJRWlra48ePeV2Qw+G4fv06RVEWiyU0NHTN43h3t1gskZGR7LHATXx8/Pnz5xcXFznOG+ja2KTW0NdjXoFA8Pr1a494U1MTm1pAo5GVeCzpN+88AADLf42pr683GAx3796dnJzUarX5+fldXV38LejLly/Xrl3jb3yWVCplGIZhmPn5+ba2tmfPnlVUVHDsm5iYOD09zX2uP5uUwWDwiNTW1q5hnECzAAAIlP8aU1lZee/evaysLLlcfvz48fLy8hs3bvwLK/sXiEQikUgkkUi2b99eXV396NGjgPrytzAfQkJCHj58ODU1xUaeP39uNpvXNtrfygIA1gk/NcbhcNjt9r1797KRzMzM4eFh6ucblaqqqo0bN0ZGRhYWFn7//p20+fHjx6lTp0JDQxMTEy9durS0tMS2r6mpSUpKioyMPHHihMPh8J5OqVQ6nU6BQNDc3ExR1M2bN5OSkqKjo0+ePOneftUpfodYLGYYhmNjj7dM3JO6f/8+Ca6aF5ekxGJxTk6O0WhkI7W1tXl5eezpt2/fzpw5I5fL4+PjL1++zA4i+CeK8zuxly9f7t69WyKRyOXyI0eO2Gw2jncJAMBPjXE6nWKxeMOGDWwkLCxsbm6Ovdrb29vX19fX19ff388+31RUVMzPzw8MDLS3t3d2dppMJrb9wMBAT09Pb2/vxMTEhQsXPKYLDw8fGRkhb7EOHz7sdDrNZjNpb7fbdTod2/JXU6yNw+HQ6/XZ2dlr6BtQUvn5+aTLqnlxTEqj0ZhMJlLRrVZre3t7cXExe7WkpMRut/f397e3t7e2tt6+fZvEmZ+0Wm1ubi73BPv7+1Uq1YcPHwYHBxUKxdmzZ7n3BYD1bsWn8fFxqVTqHhkbG4uIiCCXKIqamJgg8ZaWlvT0dHIsk8mcTic5NpvNu3btYtvPzc2ReHd3d3Jyso8ZPdr39PS4t191Ct8rHx8fJytnB5f9JBQK8/LyyIDeHbkv0m9SvvPinlRmZqbRaFxZWdFqtSqVik3N5XJJpdKxsTHSvrW1NSMjw32EwcHBhISE6elpjyzcU/ZxB969excbG+v75gAAsEJ8V6CQkBCXy+UeWV5eDgn5fy+xWBwfH0+OU1JSJiYmKIr6/Pnz9PS0Uqn0bi+VStmXMwqFYnZ21vfs7u3j4uLY9j6m4I6mabKN0dHRodPpGhoaJBJJoINQgSdF/SKvgJLSaDRqtbqgoKChoaGnp4eNf/z4cWFhISkpiZympKSQksZSqVR1dXXR0dGc86NevXql1WqHh4cXFhaWl5eXl5e59wWAdc7PVzN5w7O4uMi+LpubmwsLC/PRhWGYoKCgvr4+9isyKOgP/xUOlylommYYZmlpKTg4mEScTidN02yDoKCgzZs3UxRVWFhYXV3d0NBw7ty5P7vOgAR03w4cOKDVao8ePZqRkbF161aLxcJlilu3biUnJx88eDCghR06dOj06dMmk0ksFk9OTu7fvz+g7gCwnvmpMeHh4XFxcd3d3fv27SOR7u7ubdu2kWOGYaxWK3mUefv2bUJCAkVRmzZtoml6dnY2LS2Np0VzmUIul0dFRb148WLPnj0k0tnZuWPHjlUbl5WVaTQalUr1F39nFeh9U6vVKpWqo6PDPRgTEyMUCt+/f08eZUZGRtgHI5vNZjQa3R96uPj06ZPdbr948SI5xW+dASAg/p8wdDpdUVHRkydPZmZmmpqa9Hq9Vqtlr6rVapvNNjQ0pNfrc3JySDA/P7+4uHhoaGhqaqqqqurKlSvcFySTyRiGGR0d9d2MyxTl5eVFRUVdXV0zMzPNzc1lZWVlZWWrjnbs2LGwsLDGxkY28uOffvN3a38wKVZBQcHTp0+zsrLcg8HBwbm5uaWlpVarlXwo7E/OSkpKrl69StM0yci9V1RUFMMwb968IWm6n5JSfefOHYfDMTo6qtfr15A+AKxfXDZt6urqkpOThULhzp0729raSJDsDFdWVsbExERERBQUFMzPz5NLDMOUlpYqFAqaprOzs8kWtPfGMrsD70Gv19M0XVNT46P9qlN4MxgMSqVSKBSmpqa2tLS4j+axrf3gwQOlUrmwsOCxgUGYTCb3xj52y30n1djY6KOL36R+tRvvPojT6VSpVDKZTKFQ6PV6l8tF4t6fu/toOp2OLM/7tLOzMz09XSwWx8bGqtXqXyUIAOBNsOL17cORxWJJTU39+vXr2roDAMB/Hv4nJgAA8AU1BgAA+IIaAwAAfFn7fgwAAIBveI4BAAC+oMYAAABfUGMAAIAvqDEAAMAX1BgAAOALagwAAPAFNQYAAPiCGgMAAHxBjQEAAL6gxgAAAF/+B4FKogVl2Za/AAAAAElFTkSuQmCC) --- **Screenshot:** ![melodyloops.com vulnerability](/twimages/screen-1154138.jpg) **Mirror:** [Click here to view the mirror](<http://1154138.openbounty.org/mirror/>) ### Coordinated Disclosure Timeline Vulnerability Reported:| 1 May, 2020 14:04 GMT ---|--- Vulnerability Verified:| 1 May, 2020 14:12 GMT Website Operator Notified:| 1 May, 2020 14:12 GMT a. Using the ISO 29147 guidelines| ![](/images/done.png) ---|--- b. Using publicly available security contacts| ![](/images/done.png) c. Using Open Bug Bounty notification framework| ![](/images/done.png) d. Using security contacts provided by the researcher| ![](/images/done.png) Public Report Published [without any technical details]:| 1 May, 2020 14:12 GMT

{"id": "OBB:1154138", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "melodyloops.com Cross Site Scripting vulnerability ", "description": " \n\n\nOpen Bug Bounty ID: OBB-1154138\n\nFollowing coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: \n\n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; \n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence.\n\nAffected Website:| **[melodyloops.com](<https://www.melodyloops.com>) ** \n---|--- \nOpen Bug Bounty Program:| **Create your bounty program now**. It's open and free. \nVulnerable Application:| Custom Code \nVulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\\(XSS\\)>)** / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines \nDiscovered and Reported by:| **roker ** \nRemediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** \nExport Vulnerability Data:| Bugzilla Vulnerability Data \nJIRA Vulnerability Data [ Configuration ] \nMantis Vulnerability Data \nSplunk Vulnerability Data \nXML Vulnerability Data [ XSD ] \n \nVulnerable URL:\n\n![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAA3CAIAAABVZQ1/AAAACXBIWXMAAA7EAAAOxAGVKw4bAAASc0lEQVR4nO2df0xT1xfAn1hqKQ+QUqpSHD82EY1RRhjqxhKnmzrCSP2FzuFEJYrGOEbQKdsYIxsSrcahI2bZjDPEGeMMYcQ4U9nSMMYUsXZNhw1TrLUyLVi0YoHa9/3jfr8v7/t+3D6BajvP56/e++4799xz7uvpu+/13DEURREAAAAA4AdCnrUCAAAAwL8WiDEAAACAv4AYAwAAAPgLiDEAAACAv4AYAwAAAPgLiDEAAACAvwjcGJOUlHTlyhWhIhDsBIVDA1nJQNYNAGgCNMb8+eefXq931qxZvEUg2AkKhwaykoGsGwAw8RFjbty4ERERwXuor69v9+7dQsUR0tDQkJubK1QMfDB2E2ofHR09WtICnwB0KHcCIyVZxg8QX2AMSGuIn1SjxcGDB5OSksLDw2fPnn3+/Hl/dwcEHcO/j3E6nVVVVULFERLsMQbAE4AO5U5gXiUTEhIcDsdT1IufADHgwYMHDxw4cOTIEavVumPHjlWrVv3222/PWikgsJA8awV4uH37tsVimTdvHm8RCHaCwqG0kna7nXVo3Lhxz0QlGrwBJRJJSkoK84P/qK6urqure+ONNwiCWLZsmcPhqK6u/umnn/zaKRBciLqP+eqrr5KSkmJiYtasWdPX10cQRF9fX2JiosvlGjNmzPfff88s7t+/PyIiYu/evRMmTIiOjl67du2jR4+QnIsXL77++usRERFqtXrZsmV//fUXb3cNDQ0LFy4MDQ1lFZcsWbJ3715UeeXKlXHjxiFlCILYtGnT9u3b8Q2mTJmCP52pA1pw2LdvH1oHWLlyZU9Pz/bt22NjY2NiYtatW/fw4UPUcmBgYMOGDREREQkJCZ999tnjx4+5I3r48OGmTZtiY2MnT578+eefoza3bt1atGhRRETE1KlTjx8/jlp+/fXXixYtok/8+OOP165dK0aaUD0ayPDc8fjx4127dk2YMCE8PHzFihU9PT34XsSYi+Vfrg7ctSl6wUdoLJgxcrVFjXfv3h0bGztp0qTvvvuO4MxngjMJWRMDYx/e+cC0T3R09HvvvUfPPSEvYOYVrdv169fDw8MvX75MEERPT090dPQvv/yiVqsvXbpEEIRarf7jjz/QKT///DOBhW7Aq8/KlSu//PJLuvHcuXPRVW+327Oysuj69evXHzp0CN8R8LzhO8a4XC6DwdDS0nLhwgW73b5z506CIKKiojo6OkiSdLvd+fn5zOKSJUtcLteFCxfa2tra2tra29v37NmDROXk5BQUFFit1ubm5qysLJlMxtuj0EJZTk6OTqdDlY2NjV6v9+zZs6io0+mys7PxDTQaDf503oE3NzcbDAa73Z6amupwOIxGY2tra1dXV1lZGWpWWVnZ399vNBrPnj2r1+sPHz7MHdG2bdvsdnt7e/vZs2cbGhpqa2sJgti6dWtkZKTZbD5z5gwdYzQajV6vf/DgAT32pUuXipGGqR+2O/bs2aPT6XQ6ncViiYuLM5vN+F7EmIvlX5FTgukU3rEI1fNq63K5Ojo6TCbT0aNH0Vckaz4T4hajeO0jNB9cLpfRaETXkdVqpQ0iZAHMvKJ1S0pKKisrKy4uJgiivLw8Ozsb3VJwKSgoWLBgAYo9LC5evLhgwYKCggKMPnl5efX19ajB7du3DQaDRqNxuVwymYwZhkNDQxMSEvBGA547KCxdXV0EQdy/fx8VW1pakpOT6UMkSTJboiI6xWq1ovrTp09nZGRQFNXb2yuRSNxuN7cXq9WamJiIPrtcLpIke3t7uUW73S6Xy5GEzMzMkpKS1atXox4jIyMHBwfxDaxWK/507sCdTicqNjc3h4SE9Pf303Z46aWX0GelUulyudBng8GQmZnJMo7H4yFJ8tq1a6jY0NAwZ84cj8cjk8mYVho/fjz6PGfOnFOnTtFC3G63T2mY+mG4g0alUrW3tzNr8L2IMRfTobw6cOcVbRmhsQjV82qLGtMTjLdfppJC85zXPpTwfGBeR83Nzeg6wniBVw7FuUAGBwdTU1MrKiqUSmV3dzdXDn1WVVWVQqHIy8uzWCyo0mKx5OXlKRSKqqoq1JeQPv39/egKoiiqtrY2NzeXZYrS0lKlUqlUKunvBwBA+I4xmAteKMbIZDK63mw2q1Qq9HnVqlVpaWklJSVarfbXX3+l23g8Hrvdjj6fPn16/vz59CFWMS0trampqbu7Oz4+3ul0qlQqj8fz7bffLl26VEwDn6eLGTiz2NvbSxCE8n8oFAo0WObpdrtdKpXS51oslokTJ9rtdpaVaPnV1dUFBQUURR06dCgvL0+MNEz9MNyBcDqdEonE4/EwKzG9iDEXxXEoVwf8lOMdi1A9r7Ys+cyO6HqmkkLznNc+YuYDa1C8XhCSwzUgRVHo7rympoY7KBa9vb0ajUYikaCiRCLRaDT0LwOMPqgedfHmm2/W1dVRFGWz2WizO51Om83W2trK9DsAUBT1VJ/5//DDD5cuXTKZTHa7vaSk5NVXXz148CBBEGPHjp00aRJqg3+jLDs7W6fTXbt2LScnJyoqKi0tTa/XM1e68A18nv6kuN3ukJCQtrY2ieS/lgwJGelfjpYuXYoWcBobG+kVDH8g5A4mY8eOHd1OWQ7l6lBaWjq6PQ4D8W9tsewzjPnA6wWMHK5u3d3dISEh3d3d+I7+/vvv8vJyvV5fWVmJaiorK7Va7ZYtWyorK1988UWMPgRB5OXlHTp0KD8//8KFC6dPnyYIAt1kDw0NhYaGRkVFRUVF3blzRy6X+7IZ8JyBD0HDu48hGAsX9fX1aOGChcFgiI+PZ1V6PB6lUkkvbrCKFEW1tLRkZmbm5uaeOXOGoqja2tpt27ah2wIxDXyeLmbgrCJJktwFkyddK6uvr2fKnzFjhk6nGz9+PFpdGcW1sidyh0qlMhgMzBpML2LMxXUoV4f79++HhIQwl5WE1srosQjVC62V4e9jWEri18pY9qFEzAeufVgWwMjhGtDpdE6cOPHEiRMKhcJsNnNlIoqKikiSLCkpcTgczHqHw1FcXEySZFFREV4ft9utUCgOHDjAvOmPi4tj3utotdrFixcL6QA8nww/xrhcLolEQq/t0kV0wS9fvtxms5lMprS0tIqKCoqizGbz4sWLm5qaHA6H1WotLCzMycmhJaMlYL1eP2PGDLqSVUSoVCqVSoXa22y2yMjItLQ08Q3wR+mVaPExpqioaM6cOeh33549eyorKymKun//vkQi6ejoQGsphYWFubm5VqvVZDKlp6ejNQeNRsO0ElN+eXn5zJkzafuIkSZU/6TuYK7FV1VVZWZmGo1Gm822detWvV6P6UWMuVgOFdIhMzOzsLCwu7vbYrFkZWWxYgx3LEL1vNoKxRh6ArOUZBmfeTqvfXjng5B9MBcFrxzuFbFlyxa0oPrFF1/MmzePOy5Efn5+V1eX0NGurq78/Hy8PhRFrV69OjIy8uTJk3RNTU1NcnJyU1PTnTt36urqFApFS0uLUC/A88nwYwxFURUVFXK5/OjRo8zivn37SJKsrq5WqVTjx49///330bPfwcHBioqKlJQUqVSqUqny8/PpR5R0L6WlpWVlZbR8VhGxevXq5cuX08WMjAxWG3wDzFHmYMXHGLfbXVxcHB8fL5fLs7Oz6d+YO3fupI3jcrk2btyoVCrj4+MrKirQt5XNZlu4cCFJkikpKVqtlinfYDAQBEEbVow0oXo0EJHuYI3a4/Hs2LFDqVTKZDKNRoN+AmN68WkulkOFpkRnZ+f8+fNJkpw+fXpNTQ3r1pk7FqF6Xm2FYgz1vwn89ttvs2YU0/ise0qufXjng5B9MBcFrxyWAdva2kiSRDdwbrc7MTHx2LFjvEMTCUYfiqLq6+tJkqRti6ipqUlMTJRKpenp6U1NTSPpHfhX4iPGDAPMNeyTlJSU1tZWoeLzA3orlPvu0zAYiTtGnRE6VMzj+pETyLMukHUDAF4C63/+V69exRSfH86dO5eVlfUUkk09ZYLCoYGsZCDrBgC8BGje5WDnypUrmzdvFjo6NDT07rvv/vPPP7xH+/r60FvLdA1kcQcAIEiBGOMXCgoKEhMThY6GhoZKpVKhl3TphwqoCFncAQAIXoIjxjydLOUjgZkZvqenx2g0ogwfBEHcu3dvzZo1MTExarX6o48+GhoaIgiiuLiYTmzDYmBg4Mcff6QTL9L/h7h37966detiY2NpOWLyzCckJNCZabh8+OGHYWFhKEMXl1HJYy9m0weRHQmNBT9GAACeIcERYwIfZmZ4l8sll8vpILF+/Xqv12s0GnU6nV6vR80UCoXL5RIjmY4xBQUFg4ODBoOhqamppaWlvLx8hHnme3p6ampqWltbUYYuLqOSx350N30AACC4gBjjXwYGBhobG2tra9Vq9bRp07Ra7cmTJ8WfTmdxf/ToUXt7+zfffKNWq6dOnbp///5Tp04RI8szj2LhrFmzMH/mf+Z57AEACGp8xxih7Oi8icqfSA6qv3jx4ty5c8PCwmJjY1esWHHr1i1Uz5v6nhd8yndWFveRpKYX6oibGZ7G7XZ7vV6pVIqKMpmsv7+fOwSh1Ot0FvewsLCbN2+Gh4ej+s7Ozri4OOYS05M6paenh6kzrxeYOyqyLClmDwJeywi5m4mY7RIAAAgKfMcYoezovInKn1QOQRDt7e0bN27s7u42mUzx8fFbt25F9byp7wmCiOVAYFO+s7K4jzA1PW9H3MzwNFFRUenp6WVlZUNDQw8ePKioqMjIyOAaRyj1Om/irKtXr5aWlmq1Wla9kFN4LRYTE8PUWcgLTOFMS4rZg4DXMj47IsRtlwAAQHCA//sMJjs6N1E5gvcPcUJ5rlh0dnaiPL6Y1Pc2DviU78x/Mo4wNb1QRxQ2R4DZbE5LS5NKpShd4Llz57hteFOvs7K408NPTk4+ceIEt1Mhp3AthvEU0wusHHQsTbh7EHBFYXrh7QghlNYeAICgw8d/MO/cuTM4OJiUlISKqamp6OuGJEl6lSY+Ph6lIh+GHIIgLl++vGPHDrPZPDg46PV6vV4vak8QxOTJk+n2tCi1Ws0SfuPGDZlMxmxstVrRZ5IkmS+kYdQgSTIqKooeUWRkZFhYGCrGxcXRj76FOsIwbdq0y5cv9/X1HTly5Pjx42+99Ra3TXh4+K5du4qKitavXz99+nT07tm5c+cyMzNZL9QtX768uLh45cqVXCFCTuFajAuvF1jCWZpoNJrGxsZly5Y1NjZmZ2ejJzfoJglx9+7dYXR07949h8NBv/nt9Xrp3MMAAAQdz/7q1Wg0hYWFhw8flslkNptt8eLF+PbMbzFEW1ub37QbNeRy+YEDBzA70XJTr3MXym7fvm00Gn///fcn6pprMe63/5N6gRDYgwBlWsPgsyN/bJcAAMCzwkeMUalUUqn0+vXr6Ld/R0cH5q+Fw5Bz9+5du93+6aefomb07YJKpSII4ubNm+imwWKx0KK432Iej8ftdjMbv/DCC34ajsiOuBw9elSpVL7zzju8Rzdv3lxXV7dx40aLxRITE0MQxOPHjxsbG8vLy1n6m0ymJ1KYEPG9L+QFPFOmTFGpVOfPn29tbaVflsPfM4npaNKkSXK5vLe39+WXXxajBgAAAY3P1TSf2dG5SXbR6jwTj8cjlJFepVLV1tY6nU6LxaLRaGhRmNT3LDAp37lPAkaSmh6TQ56504HVamVuy0hRlMfjSU5ObmhooGs6OzuZXXBTr/Pua0D9f+598YmieWFthcL1AvN5DO8zFdYeBLyw9oDg7YiVP583rT0AAMGI7xjjMzs69xuZG8kOHz4slJFer9dnZGTIZLKJEyeWlJQwn+0Lpb5ngU/57nM43JaYGCOUQ55i7HTgdrtlMhn9rUpR1LFjx9LT05lqnDp1aubMmRiz8+5rwBvOuZ+5LXlhnsLrBZ8xhrsHAS/MPSCE3M3Mny+0XQIAAEHHGIqinuZtkz+4cePGjBkznkI2EfEdffDBByaT6fz587xHBwYGUlNTP/nkkw0bNghJmDp16rFjx2bPnj18df3Pw4cPlUql3W4P8Ew/AAA8K579M/9/JVqtFvMUZNy4cXV1da+99hpGQlBkcf+37kEAAMBoAW/s+IXQ0NBXXnkF0wAfYIIC7h4EAAAALCDGAMOEtQcBAAAAl3/D8xgAAAAgMIH7GAAAAMBfQIwBAAAA/AXEGAAAAMBfQIwBAAAA/AXEGAAAAMBfQIwBAAAA/AXEGAAAAMBfQIwBAAAA/AXEGAAAAMBfQIwBAAAA/AXEGAAAAMBfQIwBAAAA/AXEGAAAAMBfQIwBAAAA/AXEGAAAAMBf/AcFgmnRGDuwkQAAAABJRU5ErkJggg==) \n--- \n \nResearch's Comment:\n\n![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAAjCAIAAADNIk3yAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAHhklEQVR4nO3cX0hT/xsH8DO1/TnM/5uZTZ12kYRFgoRRCOFNiFFdVGamYLFASmSMscJsWZSkDtNVIyQMujHSCy/MC4tQsTCxYSqWYc65GaXWbNlJp/4uPr8O+262nVnnG3x9v67Oec7n33MGezjnMxWsrKxQAAAAPAj62wsAAID/LNQYAADgC2oMAADwBTUGAAD4ghoDAAB8QY0BAAC+oMYAAABfUGMAAIAvnGpMfX39li1bRCJRWlra48ePeV2Qw+G4fv06RVEWiyU0NHTN43h3t1gskZGR7LHATXx8/Pnz5xcXFznOG+ja2KTW0NdjXoFA8Pr1a494U1MTm1pAo5GVeCzpN+88AADLf42pr683GAx3796dnJzUarX5+fldXV38LejLly/Xrl3jb3yWVCplGIZhmPn5+ba2tmfPnlVUVHDsm5iYOD09zX2uP5uUwWDwiNTW1q5hnECzAAAIlP8aU1lZee/evaysLLlcfvz48fLy8hs3bvwLK/sXiEQikUgkkUi2b99eXV396NGjgPrytzAfQkJCHj58ODU1xUaeP39uNpvXNtrfygIA1gk/NcbhcNjt9r1797KRzMzM4eFh6ucblaqqqo0bN0ZGRhYWFn7//p20+fHjx6lTp0JDQxMTEy9durS0tMS2r6mpSUpKioyMPHHihMPh8J5OqVQ6nU6BQNDc3ExR1M2bN5OSkqKjo0+ePOneftUpfodYLGYYhmNjj7dM3JO6f/8+Ca6aF5ekxGJxTk6O0WhkI7W1tXl5eezpt2/fzpw5I5fL4+PjL1++zA4i+CeK8zuxly9f7t69WyKRyOXyI0eO2Gw2jncJAMBPjXE6nWKxeMOGDWwkLCxsbm6Ovdrb29vX19fX19ff388+31RUVMzPzw8MDLS3t3d2dppMJrb9wMBAT09Pb2/vxMTEhQsXPKYLDw8fGRkhb7EOHz7sdDrNZjNpb7fbdTod2/JXU6yNw+HQ6/XZ2dlr6BtQUvn5+aTLqnlxTEqj0ZhMJlLRrVZre3t7cXExe7WkpMRut/f397e3t7e2tt6+fZvEmZ+0Wm1ubi73BPv7+1Uq1YcPHwYHBxUKxdmzZ7n3BYD1bsWn8fFxqVTqHhkbG4uIiCCXKIqamJgg8ZaWlvT0dHIsk8mcTic5NpvNu3btYtvPzc2ReHd3d3Jyso8ZPdr39PS4t191Ct8rHx8fJytnB5f9JBQK8/LyyIDeHbkv0m9SvvPinlRmZqbRaFxZWdFqtSqVik3N5XJJpdKxsTHSvrW1NSMjw32EwcHBhISE6elpjyzcU/ZxB969excbG+v75gAAsEJ8V6CQkBCXy+UeWV5eDgn5fy+xWBwfH0+OU1JSJiYmKIr6/Pnz9PS0Uqn0bi+VStmXMwqFYnZ21vfs7u3j4uLY9j6m4I6mabKN0dHRodPpGhoaJBJJoINQgSdF/SKvgJLSaDRqtbqgoKChoaGnp4eNf/z4cWFhISkpiZympKSQksZSqVR1dXXR0dGc86NevXql1WqHh4cXFhaWl5eXl5e59wWAdc7PVzN5w7O4uMi+LpubmwsLC/PRhWGYoKCgvr4+9isyKOgP/xUOlylommYYZmlpKTg4mEScTidN02yDoKCgzZs3UxRVWFhYXV3d0NBw7ty5P7vOgAR03w4cOKDVao8ePZqRkbF161aLxcJlilu3biUnJx88eDCghR06dOj06dMmk0ksFk9OTu7fvz+g7gCwnvmpMeHh4XFxcd3d3fv27SOR7u7ubdu2kWOGYaxWK3mUefv2bUJCAkVRmzZtoml6dnY2LS2Np0VzmUIul0dFRb148WLPnj0k0tnZuWPHjlUbl5WVaTQalUr1F39nFeh9U6vVKpWqo6PDPRgTEyMUCt+/f08eZUZGRtgHI5vNZjQa3R96uPj06ZPdbr948SI5xW+dASAg/p8wdDpdUVHRkydPZmZmmpqa9Hq9Vqtlr6rVapvNNjQ0pNfrc3JySDA/P7+4uHhoaGhqaqqqqurKlSvcFySTyRiGGR0d9d2MyxTl5eVFRUVdXV0zMzPNzc1lZWVlZWWrjnbs2LGwsLDGxkY28uOffvN3a38wKVZBQcHTp0+zsrLcg8HBwbm5uaWlpVarlXwo7E/OSkpKrl69StM0yci9V1RUFMMwb968IWm6n5JSfefOHYfDMTo6qtfr15A+AKxfXDZt6urqkpOThULhzp0729raSJDsDFdWVsbExERERBQUFMzPz5NLDMOUlpYqFAqaprOzs8kWtPfGMrsD70Gv19M0XVNT46P9qlN4MxgMSqVSKBSmpqa2tLS4j+axrf3gwQOlUrmwsOCxgUGYTCb3xj52y30n1djY6KOL36R+tRvvPojT6VSpVDKZTKFQ6PV6l8tF4t6fu/toOp2OLM/7tLOzMz09XSwWx8bGqtXqXyUIAOBNsOL17cORxWJJTU39+vXr2roDAMB/Hv4nJgAA8AU1BgAA+IIaAwAAfFn7fgwAAIBveI4BAAC+oMYAAABfUGMAAIAvqDEAAMAX1BgAAOALagwAAPAFNQYAAPiCGgMAAHxBjQEAAL6gxgAAAF/+B4FKogVl2Za/AAAAAElFTkSuQmCC) \n--- \n \n**Screenshot:** ![melodyloops.com vulnerability](/twimages/screen-1154138.jpg)\n\n**Mirror:** [Click here to view the mirror](<http://1154138.openbounty.org/mirror/>)\n\n### Coordinated Disclosure Timeline\n\nVulnerability Reported:| 1 May, 2020 14:04 GMT \n---|--- \nVulnerability Verified:| 1 May, 2020 14:12 GMT \nWebsite Operator Notified:| 1 May, 2020 14:12 GMT \na. Using the ISO 29147 guidelines| ![](/images/done.png) \n---|--- \nb. Using publicly available security contacts| ![](/images/done.png) \nc. Using Open Bug Bounty notification framework| ![](/images/done.png) \nd. Using security contacts provided by the researcher| ![](/images/done.png) \nPublic Report Published \n[without any technical details]:| 1 May, 2020 14:12 GMT\n", "published": "2020-05-01T14:04:00", "modified": "2020-07-30T14:04:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/1154138/", "reporter": "roker", "references": [], "cvelist": [], "lastseen": "2020-08-25T21:57:57", "viewCount": 5, "enchantments": {"dependencies": {}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.5}, "openbugbounty": {"patchStatus": "unpatched", "mirror": "http://1154138.openbounty.org/mirror/"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645650733, "score": 1684001301, "epss": 1678951884}, "_internal": {"score_hash": "e28042a7439a9e66275cf245f52f5978"}}