
portal.peacefulnukes.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1157901

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;

b. notified the website operator about its existence.

Affected Website:| **[portal.peacefulnukes.com](<https://portal.peacefulnukes.com>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **Implosion**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**

**Mirror:** [Click here to view the mirror](<http://1157901.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 8 May, 2020 22:37 GMT
---|---
Vulnerability Verified:| 8 May, 2020 22:52 GMT
Website Operator Notified:| 8 May, 2020 22:52 GMT

a. Using the ISO 29147 guidelines| Done
---|---
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done

Public Report Published [without any technical details]: 8 May, 2020 22:52 GMT