
n-genetics.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1157903

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[n-genetics.com](<https://www.n-genetics.com>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **ratnadip1998**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**

**Screenshot:** ![n-genetics.com vulnerability](/twimages/screen-1157903.jpg)

**Mirror:** [Click here to view the mirror](<http://1157903.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 8 May, 2020 22:39 GMT
---|---
Vulnerability Verified:| 8 May, 2020 22:51 GMT
Website Operator Notified:| 8 May, 2020 22:51 GMT
a. Using the ISO 29147 guidelines| ![](/images/done.png)
b. Using publicly available security contacts| ![](/images/done.png)
c. Using Open Bug Bounty notification framework| ![](/images/done.png)
d. Using security contacts provided by the researcher| ![](/images/done.png)
Public Report Published [without any technical details]:| 8 May, 2020 22:51 GMT