Open Bug Bounty ID: OBB-1157197
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: nambuk.kr
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: NUMAN
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Coordinated Disclosure Timeline
Vulnerability Reported: 7 May, 2020 08:36 GMT
Vulnerability Verified: 7 May, 2020 08:44 GMT
Website Operator Notified: 7 May, 2020 08:44 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 7 May, 2020 08:44 GMT