genealogieonline.nl Cross Site Scripting vulnerability

Published: 2020-05-06 01:59:00
Reported by: ELProfesor
Source: www.openbugbounty.org

Open Bug Bounty ID: OBB-1156678

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:

      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.

Affected Website: genealogieonline.nl
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: ELProfesor
Remediation Guide: OWASP XSS Prevention Cheat Sheet

Vulnerable URL: provided only as a screenshot image in the original report (not reproduced as text)

Screenshot: genealogieonline.nl vulnerability


Coordinated Disclosure Timeline

Vulnerability Reported: 6 May, 2020 01:59 GMT
Vulnerability Verified: 6 May, 2020 02:12 GMT
Website Operator Notified: 6 May, 2020 02:12 GMT
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher
Public Report Published [without any technical details]: 6 May, 2020 02:12 GMT
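The Remediation Guide field above points to the OWASP XSS Prevention Cheat Sheet. Because the report publishes no technical details about this particular finding (no parameter, payload or page), the following is a generic added example and not code from the affected site or from Open Bug Bounty: a search-results page that reflects a query string into three output contexts (HTML body, attribute value, JavaScript string), first without encoding and then with the per-context encoders the cheat sheet prescribes (its rules #1, #2 and #3). The page template and the payload string are constructed for the demonstration.

```python
import html


def encode_html_content(value):
    """OWASP rule #1: entity-encode & < > " ' / before placing data in HTML body text."""
    return html.escape(value, quote=True).replace("/", "&#x2F;")


def encode_html_attribute(value):
    """OWASP rule #2: encode every non-alphanumeric as &#xHH; for attribute values.
    Attributes should still be quoted; this also holds if a quote is forgotten."""
    return "".join(ch if ch.isalnum() else f"&#x{ord(ch):02X};" for ch in value)


def encode_js_string(value):
    """OWASP rule #3: \\xHH (or \\uHHHH) encode every non-ASCII-alphanumeric
    before placing data inside a quoted JavaScript string literal."""
    out = []
    for ch in value:
        code = ord(ch)
        if ch.isalnum() and code < 128:
            out.append(ch)
        elif code < 256:
            out.append(f"\\x{code:02X}")
        else:
            out.append(f"\\u{code:04X}")
    return "".join(out)


def render_search_vulnerable(query):
    """Reflects the query verbatim into three contexts: the classic CWE-79 shape."""
    return (
        f"<p>Results for {query}</p>"
        f'<input name="q" value="{query}">'
        f'<script>var q = "{query}";</script>'
    )


def render_search_hardened(query):
    """Same template, each insertion encoded for the context it lands in."""
    return (
        f"<p>Results for {encode_html_content(query)}</p>"
        f'<input name="q" value="{encode_html_attribute(query)}">'
        f'<script>var q = "{encode_js_string(query)}";</script>'
    )


def script_tag_count(page):
    """Crude check used here: the template legitimately contains exactly one <script>."""
    return page.lower().count("<script")


if __name__ == "__main__":
    # Constructed payload: breaks out of an attribute or string, then injects a script tag.
    payload = '"><script>alert(1)</script>'
    print("vulnerable:", script_tag_count(render_search_vulnerable(payload)), "script tags")
    print("hardened:  ", script_tag_count(render_search_hardened(payload)), "script tags")
```

Note that one encoder does not fit all three contexts: `html.escape` output inside the `<script>` block would not be entity-decoded by the browser, so only the JavaScript-string encoder keeps a `</script>` in the input from terminating the block. Output encoding belongs at the point of rendering, in the template engine, rather than at input time.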