Open Bug Bounty ID: OBB-1156806
Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:
&nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence;
&nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence.
Affected Website:| **[smapp.rand.org](<https://smapp.rand.org>) **
---|---
Open Bug Bounty Program:| **Create your bounty program now**. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **ELProfesor **
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**
Export Vulnerability Data:| Bugzilla Vulnerability Data
JIRA Vulnerability Data [ Configuration ]
Mantis Vulnerability Data
Splunk Vulnerability Data
XML Vulnerability Data [ XSD ]
Vulnerable URL:

---
HTTP POST data:

---
**Screenshot:** 
**Mirror:** [Click here to view the mirror](<http://1156806.openbounty.org/mirror/>)
### Coordinated Disclosure Timeline
Vulnerability Reported:| 6 May, 2020 12:48 GMT
---|---
Vulnerability Verified:| 6 May, 2020 13:02 GMT
Website Operator Notified:| 6 May, 2020 13:02 GMT
a. Using the ISO 29147 guidelines| 
---|---
b. Using publicly available security contacts| 
c. Using Open Bug Bounty notification framework| 
d. Using security contacts provided by the researcher| 
Public Report Published
[without any technical details]:| 6 May, 2020 13:02 GMT
{"id": "OBB:1156806", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "smapp.rand.org Cross Site Scripting vulnerability ", "description": " \n\n\nOpen Bug Bounty ID: OBB-1156806\n\nFollowing coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: \n\n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; \n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence.\n\nAffected Website:| **[smapp.rand.org](<https://smapp.rand.org>) ** \n---|--- \nOpen Bug Bounty Program:| **Create your bounty program now**. It's open and free. \nVulnerable Application:| Custom Code \nVulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\\(XSS\\)>)** / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines \nDiscovered and Reported by:| **ELProfesor ** \nRemediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** \nExport Vulnerability Data:| Bugzilla Vulnerability Data \nJIRA Vulnerability Data [ Configuration ] \nMantis Vulnerability Data \nSplunk Vulnerability Data \nXML Vulnerability Data [ XSD ] \n \nVulnerable URL:\n\n \n--- \n \nHTTP POST data:\n\n \n--- \n \n**Screenshot:** \n\n**Mirror:** [Click here to view the mirror](<http://1156806.openbounty.org/mirror/>)\n\n### Coordinated Disclosure Timeline\n\nVulnerability Reported:| 6 May, 2020 12:48 GMT \n---|--- \nVulnerability Verified:| 6 May, 2020 13:02 GMT \nWebsite Operator Notified:| 6 May, 2020 13:02 GMT \na. Using the ISO 29147 guidelines|  \n---|--- \nb. Using publicly available security contacts|  \nc. Using Open Bug Bounty notification framework|  \nd. Using security contacts provided by the researcher|  \nPublic Report Published \n[without any technical details]:| 6 May, 2020 13:02 GMT\n", "published": "2020-05-06T12:48:00", "modified": "2020-08-04T12:48:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/1156806/", "reporter": "ELProfesor", "references": [], "cvelist": [], "lastseen": "2020-08-20T03:13:52", "viewCount": 1, "enchantments": {"dependencies": {}, "score": {"value": -0.2, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.2}, "openbugbounty": {"patchStatus": "unpatched", "mirror": "http://1156806.openbounty.org/mirror/"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645486263, "score": 1659823045}, "_internal": {"score_hash": "f4889c60456e7281a1561693e28f0628"}}