
fotoacademie.nl Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1158396

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website: | **[fotoacademie.nl](<https://www.fotoacademie.nl>)**
---|---
Open Bug Bounty Program: | **Create your bounty program now**. It's open and free.
Vulnerable Application: | Other
Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by: | **Sprachlos**
Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**

**Vulnerable URL:** [image]

**HTTP POST data:** [image]

**Screenshot:** ![fotoacademie.nl vulnerability](/twimages/screen-1158396.jpg)

**Mirror:** [Click here to view the mirror](<http://1158396.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported: | 10 May, 2020 14:17 GMT
---|---
Vulnerability Verified: | 10 May, 2020 14:26 GMT
Website Operator Notified: | 10 May, 2020 14:26 GMT
a. Using the ISO 29147 guidelines | done
b. Using publicly available security contacts | done
c. Using Open Bug Bounty notification framework | done
d. Using security contacts provided by the researcher | done
Public Report Published [without any technical details]: | 10 May, 2020 14:26 GMT
Additional notification email sent: | 19 May, 2020 00:15 GMT
Additional notification email sent: | 26 July, 2020 10:37 GMT