Open Bug Bounty ID: OBB-1156712
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: muskogeenow.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: Dipu1A
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Coordinated Disclosure Timeline
Vulnerability Reported: 6 May, 2020 05:32 GMT
Vulnerability Verified: 6 May, 2020 05:47 GMT
Website Operator Notified: 6 May, 2020 05:47 GMT
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher
Public Report Published [without any technical details]: 6 May, 2020 05:47 GMT
Additional notification email sent: 15 May, 2020 04:11 GMT