
lovevivah.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1157352

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[lovevivah.com](<https://www.lovevivah.com>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **ResearcherCyber**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**

**Screenshot:** ![lovevivah.com vulnerability](/twimages/screen-1157352.jpg)

**Mirror:** [Click here to view the mirror](<http://1157352.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 7 May, 2020 16:28 GMT
---|---
Vulnerability Verified:| 7 May, 2020 16:38 GMT
Website Operator Notified:| 7 May, 2020 16:38 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 7 May, 2020 16:38 GMT