Open Bug Bounty ID: OBB-1158017
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
| --- | --- |
| Affected Website | kentstreetcellars.com.au |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | g0bl1nsec |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL: [rendered only as an image on the original page; not reproduced here]
Screenshot: ![kentstreetcellars.com.au vulnerability](/twimages/screen-1158017.jpg)
Coordinated Disclosure Timeline

| Event | Date |
| --- | --- |
| Vulnerability Reported | 9 May, 2020 11:58 GMT |
| Vulnerability Verified | 9 May, 2020 12:07 GMT |
| Website Operator Notified | 9 May, 2020 12:07 GMT |
| Public Report Published (without any technical details) | 9 May, 2020 12:07 GMT |

Website operator notification channels (all marked as done):
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher