logo
DATABASE RESOURCES PRICING ABOUT US

animeid.tv Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1158504 Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence. Affected Website:| **[animeid.tv](<https://www.animeid.tv>) ** ---|--- Open Bug Bounty Program:| **Create your bounty program now**. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines Discovered and Reported by:| **CityBoy ** Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** Export Vulnerability Data:| Bugzilla Vulnerability Data JIRA Vulnerability Data [ Configuration ] Mantis Vulnerability Data Splunk Vulnerability Data XML Vulnerability Data [ XSD ] Vulnerable URL: ![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAAjCAIAAADNIk3yAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAM8ElEQVR4nO2cf0wT5x/HT1ZqV678KKVD28WWbMwlxjWEMczcotM4Qwip06FjuLHNKDOMkAYzwx+uI06JonFsaczCEjVmW4wxpCGELYwtDSMMWHd0TUca3UpTa2cAi1ZWoXLfP558n9z37rlrhRaB7+f11z3Pfe75fO79ea6fu+dBV7EsSwEAAABACkh73AEAAAAAKxaoMQAAAECqgBoDAAAApAqoMQAAAECqgBoDAAAApAqoMQAAAECqWLo1xmg0joyMiDWBebBoGiboCHK6shkZGfnwww8lDGZnZ996661//vln0UICFp8lWmP++OOPubm5F154gdgE5sGiaZigI8jpiqempsZgMEgYpKeny+XyxsbGxYoIeAzEqTFjY2MqlYp4ampq6uTJk2LNBWK32ysqKsSaSxAJoZI1ztjYWE5ODq8zcdmRhgnGuZBsJpgsCTMcJPGWk84XX3xhNBozMjJeeumlH3/8MSljJms+8MZcBDUWAnfaTExMuFyuhoYG1Lxz587+/ftzc3N1Ot3HH388OzuL+hsaGnp6eh5PuMDiwEri8/lomk7klITlPCgpKfnhhx/EmkuTaDSa0nF8Pl92drawM0HZkYYJ2i8kmwkmS8IMeyfecnJpa2srKCjo7e0dHx+/evWqRqPp6+tb+LDJfRzwmKlWY4Fw75qngNlsrqqqCgQCHo+ntLTUarUSzYCVx1JcK7t165bX692yZQuxuWRZvXr1khqHy6JpmKAjaTOZTFZYWMg9SB0tLS3t7e1bt27Nzc3dvXv38ePHW1paUurx/5AHDx50dnbabDadTvf888+3trZeuXLlcQcFLBIJ1ZjPP//caDTm5ubu379/amqKoqipqSmDwRCJRFatWnXx4kVu8+zZsyqV6vTp00899VROTs67777777//onGGhoZeeeUVlUql0+l27979559/Et3Z7fYdO3akp6fzmrt27Tp9+jTqHBkZWb16NQqGoqhDhw4dOXJE2uDZZ5+VvpwXxtDQ0KZNm5588sm8vLw333zz5s2baAHkzJkzRqMxJyfn7bffxiNwl3ewTUZGxt69eycmJo4cOZKXl5ebm/vee+/dv38fXfLgwYMPPvhApVKtW7fuk08+efjwISVYY7l58+brr7+uUqmee+65b775hhchLwt79+797LPP8NlNmzZdvHiRKCmGGANvWBTSyZMn8/Ly1qxZ8/XXXxPFIToSyzg2+/vvvzMyMn7//XeKoiYmJnJycn766SedTvfbb79RFKXT6X799Vd0yffff0/FA9sI/RLFmZqaCgaDmzdvxv3vv//+l19+KRz5/v37hw4dysvLe/rppz/99NOHDx9KTAYJhOPggIl6Sk8ALige4XNHTB8xjASnrpgj3rThxhaNRufm5uRyOWoqFIrp6WnhLSSSYmDZEb/GRCIRhmH6+/sHBweDweDRo0cpisrKyhodHaVpOhqNVldXc5u7du2KRCKDg4PDw8PDw8NOp/PUqVNoqPLy8pqaGr/f39fXt3nzZoVCQfQothlTXl6Ol247Ozvn5ua6u7tRs6enp6ysTNrAbDZLX84Lw+l0Hjx4MBQKud1uvV5fV1eH1HC5XEgNv9/f1NQkplhfXx/DMMFgcP369ePj4y6Xa2BgwOfz4Uuam5unp6ddLld3d7fD4Th//rxwqLq6uszMTI/H09XVJfyJ4WWhsrKyo6MDnbp16xbDMGazmSgphhgDb1h0R6Ojo263+8KFC+gXmSiO0JFYxrGZ0WhsampCq/bHjh0rKyvbunWrME6KompqarZt24Zqj5ChoaFt27bV1NSI+SWKE4lEFAoFt/Smp6evW7dOOH59fX0wGHQ6nd3d3Xa73WazUYlNhkTGkdBTbALkCUDxEJ87YfrEwkhw6hIdCacNJisrq6ioqKmpaXZ29t69e1artbi4WCiOdIqB5Yr0UprP56Mo6u7du6jZ399fUFCATxH3Y9Alfr8f9V+7dq24uJhl2cnJSZlMRtxs8Pv9BoMBHUciEZqmJycnhc1gMKhUKtEIJSUlFoulqqoKeczMzJyZmZE28Pv90pdL6HD9+vX8/HyeGn19fUI1kE04HMY2aWlp09PTWMBnnnkGHWs0mkgkgo4ZhikpKeGpGovFFAoFV0np/Zjp6Wl0myzL2my2iooKoYa8rBFjYAUL6xRF4YyIicMKcieWcZ7ZzMzM+vXrrVarRqMJhUJiXiKRyIkTJ9RqdWVlpdfrxf1er7eyslKtVp84cQLdC9EvURzubTY2Nmo0Go1Gg3OKicViNE3/9ddfqGm320tLSyUmAyuyzUAcR3inWE+JCRAQIPbcCdMnFkaCU1fMESu5H+PxeEwmk1wuVyqVFEXhrTiumViKgWXNo+35c3cdJWqMQqHA/R6PR6vVouN9+/aZTCaLxdLa2vrzzz9jm1gsFgwG0fG1a9dee+01fIrXNJlMvb29oVBIr9eHw2GtVhuLxdrb2994441EDOJezsXpdG7fvn3t2rUajUatVmdnZyeihoQNtzk5OUlRlOa/qNVqpBL38mAwyFMy7p7/vn372traWJbdvn375cuXhRpy7cViYCV/LMTEESaLFcm40Ax9X6LIpZmcnDSbzTKZDPfIZDKz2Yx/GSX8CsUJBAJY4XA4HAgEBgYGhCIHg0G5XI6bXq8XvXBIJ1ooGnEcdEzUM5EJwPVIfO6EkYiFkeDUlXjA406bcDh89uxZXJOIZsIUA8uaRd3z//bbb9vb2zdu3DgzM2OxWD766CPU/8QTT6xZswYdS//VcllZWU9PT2dnZ3l5eVZWlslkcjgc3JUuaYO4l3Mxm82vvvqqw+FgGKarqyu5UkSj0bS0tOHhYYZhGIZxuVwMwyx8WLQidOfOncHBQayb2ELZQmIgiiN0RMy40CwUCqWlpYVCIWmnN27cqKurczgczc3NuLO5udnhcBw+fPjGjRvSfoXioIUd9He0WVlZOp0Ov2gvMo862YhrZUsfpVJ57ty5Y8eOiRkQUwwsb6RL0Py+YyjOp3RHRwf3tQXDMIxer+d1xmIxjUaDv+J5TZZl+/v7S0pKKioqurq6WJa12Wz19fX5+fn4M0jaIO7lmNu3b3PfpBiGSe53DMuyNE07nU6eX4m1so6OjrjfMdFoVK1Wnzt3Dn+Z8TTk2RNjYOO9kBLFESaLB8q40CwcDufn53/33Xdqtdrj8YhdXltbS9O0xWIZHx/nnRofH29oaKBpura2VswvSxKHZdm1a9dyP6lbW1t37tzJG0FsrexRv2PEFqmIerKSEyDuWhl+7oSRSKyVJfgdI/aAx/2O+eqrr4qKirg9XDOJFAPLl/nXmEgkIpPJ8LIpbqIpuGfPnkAg4Ha7TSYT+lt4j8ezc+dO9A8R/H7/gQMHysvL8cho9dzhcGzYsAF38poIrVar1WqRfSAQyMzMNJlMiRtIn+Uu4mu1WpvNFg6HvV6v2WxOeo2pra0tLS11u93BYPDUqVPNzc3Cy81mM1dJfC2Ok5cFlmWrqqoyMzOvXLlC1PDu3bsymWx0dDQWi4nFwBuW+GMhFEeYLGLGhWaHDx+urKxkWfb48eNbtmxhRaiurvb5fGJnUZzV1dVifonisJx/H3P79u3Lly+r1er+/n7h4AcOHKioqPD7/W63u6ioqK2tLZEaE/1fYrGYcBwxPVG/2AQg3j7xuSOmjxjGI9UYoSP2f6eN3+/nLqmxLBuLxQoKCux2O7fz+vXr2EvcFAPLkfnXGJZlrVarUqm8cOECt3nmzBmapltaWrRabXZ29jvvvIO2DWdmZqxWa2FhoVwu12q11dXVeIMXe2lsbGxqasLj85qIqqqqPXv24GZxcTHPRtpA4izvZh0OR3FxsUKhyM/Pt1gsSa8x0Wi0oaFBr9crlcqysjL0Xsm7PBAI7Nixg6bpwsLC1tZW/JBzbXhZ6OjooGkab9UKNTx69Ci2J8bAG5b4IyUUR+iImHGe2fDwME3T6KU4Go0aDIZLly6xC0NipvHEQbS1tRkMBrlcXlRU1NvbSxwzEokcPHhQo9Ho9Xqr1RqLxeImWrhmcP78eeE4yF6oJ+onTgAiKB7hc0dMHzGMxGsM0RECT5toNKpQKLhvP5cuXeJ9xLAse/Xq1Y0bN4rdFLACiFNj5gFxTidIYWHhwMCAWBOYB4umYYKOIKcpYiHPXYoc1dfX8/64gwd6q2hvb09SaMBSZBXLssnd4BkbG9uwYcO9e/eSOywAABIs2nOXuKPZ2VmGYV588UUJm19++eXll19OXnTAkmMp/l8yAACsANLT06ULDEVRUGBWPFBjAAAAgFSR/LUyAAAAAEDAdwwAAACQKqDGAAAAAKkCagwAAACQKqDGAAAAAKkCagwAAACQKqDGAAAAAKkCagwAAACQKqDGAAAAAKkCagwAAACQKqDGAAAAAKniP0WClK3zxXAwAAAAAElFTkSuQmCC) --- Research's Comment: ![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAA3CAIAAABVZQ1/AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAOg0lEQVR4nO3dfUwb5R8A8FvtoK2lvFi6wcpWGBZGCMGFEIgEG0M2UxtSJyJBHIuSsRCH2MwF2URkKBt7SYZIkKBhy0KMQUIWYuZSlTSELIgMJ5sVSQdYaocMCyu1sML9/nji5X731gN6OPT7+et6d32e7/Pcc/flnoNjC47jGAAAACAA0T8dAAAAgH8tyDEAAACEAjkGAACAUCDHAAAAEArkGAAAAEKBHAMAAEAokGMAAAAIBXIMAAAAofDKMZcuXdqzZ49UKt2zZ89HH30kUChzc3P19fVoeWJiIiQkJICFB7xAnrVMTEyEh4cTy1tIYmJi3nnnnYcPH25MhORIhKuCaAL5aAaw/C00Fy9eXHPXvfXWW1Kp9NKlS4GNUyBEM8ntDeCwYTtkATkxv/7669DQ0Pv37xNrnn766RMnTmAY9uDBgzfffHPXrl1SqTQhIeHMmTPLy8toH45NYNPA/WltbVWr1T09PTMzM729vfHx8bW1tX6/tQbj4+NyuZy+HPDChUOvZXx8PCwsjLzV6/V6vV6Px3Pr1q2MjIyTJ09uTITkSITj9XqJ6gLeHHIHEnw+H7le/mZmZkQi0fDwMCphU0DNFOhMYSsqUNXp9fry8nK03NXVFR0d7Xa7cRzPy8szGo1Wq3V6etpsNut0uoGBAbQbxyawWfjPMWq1+vr168THoaEhmUyGBkdg/UdyDHlrX19fYmLixkS4MTmGXJ1AOebRLG0jbdIcY7VaZTKZzWbz+Xxarba9vR3HcY/HIxaLXS4XfX+OTWAT8TNXNjc3Z7fbdTodseapp57q7e1FywsLC6WlpZGRkTExMe+///7y8jK6lT579uy2bdvCw8OLi4v/+usvDMM+/vjj/fv3E4WcOHGiuLiYUpFGo3G73Vu2bCHmLi5evBgbG/vEE0+8+uqrc3NzaOXi4uLrr78eEhKya9eu9957j37v/P3332dmZkql0sjIyJdeemlqaorYdObMGUpgjK14+eWXP/jgA+JbmZmZKCS/Va+WRCLxer3892dsGurz8+fPx8bGhoeHv/LKK0RfTU1N7d+/PyQkJCEhoaOjg14g+m59fX1kZGRUVNSnn35KmQwhZtg4aqGUhrEcTQLbsOEunANlEoncHIzlqN2/f58SIT2qu3fvPv744zdv3kT7h4eHf/fdd+R6GUc1vRyMNsXEOG/5wgsvnD17Fi3/+OOPwcHBRCeUlpa+/fbbq52n+v33359//vmQkJDY2Njz588TNTJ2CNshC+CJmZCQcPjw4crKytbWVoVCga4AKysrGIaJxWJ6/BybCGwXHIzpgHLvD4TCnYLsdrtEImHb+tprrxkMhsnJyZGRkb179zY2No6Pj2MYlpeXNzk5OTY2lpycXFNTQ5QzPz+PvpicnNzd3U0pzWq1opkQn8+Hyjl06JDD4RgbG3v22WePHDmCdquqqiooKLDZbHfu3NHpdE1NTZRyWlpaPvvsM5fL5XQ6KyoqjEYjjuNsgTG2orOzMy0tDW11OBwSiQT9MOW36lXdx7hcLoPBUFZWxvZdOo6mHTx40OFwjI6OZmVlEWUajUZyk+n3McR3nU7ntWvXrFYrJQwifo5aGJtPPpqU3diGDXfhHF1ErKc3B2c/apQI6VHhOF5XV5ednY3jeFlZWWFhIaVexlHNWA5br5K1tbXt27cPLdfV1YnF4s8//xx9jIuL+/bbb8nN5HNjceDAAaPR6HQ6x8bGUlJSiBp5dgghUCcmjuOzs7NKpTIsLKy/v59YmZubazAY+vr66LMjHJuI5vM/r7n3BwLxk2M4RrDP55PL5TabDX28evVqRkYGOoSTk5NoZVdXF3GxzsjI6OzsJMqkT6BTzhwMw4izt7+/Py4uDi0rlUpiwA0PD6enp3PEPzY2tn37dqJAemCMrfB4PAqFAu3c3Nycm5vLs2q/OQbDMOXfgoKCCgsLiQJXOwtBaRrRV319faivfD6fRCIhN5ktx8zOzrI1gZJj6LWwNZ+tORzDhrtwnNaBSqXyjTfewGk5htwcnP2okSNkjArH8aWlpcTExJqaGqVS6XQ66SFRRrXH42Esh0+OcTgcMpkMnRfp6ekmkwlltfHxcYVCsbS0tKocg44+EQn56PPpEEq3B/DELCgo2LlzJ3nN/Px8ZWWlVqsVi8Xx8fE1NTVEkuPYRI6H53nNsT8QDtd9KIZhYrHY5/Mxbpqenl5aWoqNjUUfExMT0fGTSCQxMTHEysnJSbRsNBp7enpefPHFnp4evV4fHBzMXbVcLidmBqKjo2dnZzEM+/PPP2dmZjQaDVq/srJCv5W+efPm8ePH79y5s7S0tLKygu642QJjbIVUKtXr9d3d3UePHu3q6jp06BDPqv2SyWTDw8MYhpnN5srKyra2NqlUyv/rbE0j95VarUZ9NT09jWEYucmMZcrlcp6/b8ZYy2qxDRuehRMdSHykB0luDs+jxhbV1q1bm5qacnJyGhsbt23bRv8iZVS7XC7GcviIiorSarX9/f1JSUkOh6O6ulqr1S4vL5vN5pycnK1bt/Ish2jRysoKORK0sP5hvOYTE8Own3766dq1a2q1+pNPPiktLUUr0fRmfX394uLi0NCQyWTy+XynTp3i3kTgf15z7A+E42d4oRuOhw8fkof4Dz/8wHbB4nDgwIGsrCwMw3p6etBVew28Xq9IJBocHCRGsEhEfaRkNBpLSkpaWlokEondbn/uuefWUFF+fn5TU1NRUdHAwEBXVxfPqtHPocvLy4899hha43a7yddBkUi0Y8cODMOKi4vPnTvX1tZ29OhR/lEFpGmbGtGBPPE5atycTqdIJHI6nYxbAzKqCXq93mw222w2g8EQGhqamppqsVjMZrNer19nyYT1d8h6ii0vLzeZTNnZ2Xl5efn5+ZQfboKDgzMzMxsbG4uKiiiJhGMTeMT5GV6hoaFqtdpisRBrbt++nZ2djWGYSqUKCgq6e/cuWm+1WtFPMV6v97fffkMrR0dHd+7ciZaffPJJlUr1zTff3LhxY83nTFRUlEwmm52d3fG3qKgo8g5//PGHw+F49913d+/evWPHDolEQmxiDIytFXq9fnh4+PLlyzk5OeinNr9VYxgWGRkZERFx48YNYo3FYklJSWFsy8mTJxsaGhYXF3m2naNpjFQqFYZh5CbzqSUiIsLj8Tx48AB9tNvtPMPjia3DBcLnqHFENTc3d+zYsY6OjpaWlp9//pn+RcqoZiuHZ68aDAaz2Xz16tXc3FwMw4xGY3d3d29v7xrOF5VKJRKJJiYmiEhW1SGrxafYL7/80mazHTt27JlnnsnKyqqurkbrFxYWyLuhBz9+N5FX8j+v2fYHAvI7m0b++xiLxZKUlFRXV4c2lZSU5ObmMj7zt9vtIyMjqamp5Edq1dXVKSkpBoOBsSK32y0Wi0dHR3HO+esjR45kZGSMjIw4HI6Ghgb6H+uoVKrm5maXyzU6Omo0GsmPExgDo7cCrS8sLFQoFF988QVRst+qcRxvamrSarUWi2VmZqazszMiIqKvr49oBWW+OykpqaWlhbyV8Y8//DaNra/QM3+iyYzPY+hT8Onp6SUlJU6nEz1+91sLY2nko0nBOGz8Fs4WLf7/z2PoO7AdNcrOjMOgrKwsPz8fx/G6ujqdTkevGqeNarbhxNirdCqVSqVSoacydrtdoVCkpqZSAp6fnxeLxVar1efzkZcpRaE/LhkfHx8ZGSE/82frELZDFpAT0+PxaDSaK1euoI+jo6MymezWrVtWq1WlUrW2tjocDpfLZbFYkpOTP/zwQxzHOTaRA1jVec19gQJC8J9jcBxvb29PTEyUSCRarZY4Z3Acd7vdhw8fViqVarUaPY5DQ/D06dMqlSosLOzgwYMej4fYH82ko9+LZ1RTUyOTydrb2zmGstfrraioUKvVMplMr9cTj/UIFoslLS1NIpFs377dZDKRL5ENDQ30wOitQOu7u7vRU1yiZL9VIxcuXNBoNEFBQcnJyV1dXeRWUK6AV65c0Wg0S0tL+N+jn4LIQH6bxthXdrt93759crlcq9WeO3eOZ45Bvy8kl8uTkpIaGxvXlmNw0tGk7MY2bLgLZ4sW95dj2I4aZWd6VIODg3K5HD0f9nq9Go3m8uXL9Nopo5ptODH2Kl1hYWFeXh7xMS0traqqih5wZWUl0bfkZTKn02kwGORyuUajOX36NJ8ziO2Qrf/ErK2tpfwWQEVFBUrbX331lU6nUygUMpksJSWltbWV2IdjE7lPGC84jAeC+wIFhLAFx/EA3hVNTEwkJycTcwIUCwsLSqXS4XAI/VITADbMphjVv/zyS3Z29r179/7pQAKM+4Kz/v3B+m3oOzGvX7+elZX1KJ+KAKzWphjVw8PDcXFx/3QU4L9o1b99u2Zzc3NNTU0FBQUbViMAQnuUR/WpU6eio6Nzc3NtNltVVRXxjB2AjbRx9zHEBOiG1QiA0B7lUa3T6Zqbm9VqdVFRUXl5OeXtTQBsjAA/jwEAAAAI8D/KAAAACAVyDAAAAKH4yTHcb3qHV2QDAADgsPb7GLfbPTAwMDg4ODg4ODQ01NDQEMCwAAAA/Ausa67swoULMTExu3fvrq2t7enpCVRMAAAA/h3WnmPgFdkAAAC4wTN/AAAAQvGTYzjeSQ6vyAYAAMDNT44JCQlJS0szmUz37t379ddfKysryVtNJtPU1NTt27dramoMBoOQcQIAANh8/M+VdXR02Gy2+Ph4o9GYn59PrJfL5WlpaXv37s3KykpJSTl+/LiQcQIAANh81vguGXhFNgAAAL/gmT8AAAChQI4BAAAgFMgxAAAAhALv9gcAACAUuI8BAAAgFMgxAAAAhAI5BgAAgFAgxwAAABAK5BgAAABCgRwDAABAKJBjAAAACAVyDAAAAKFAjgEAACAUyDEAAACEAjkGAACAUCDHAAAAEArkGAAAAEKBHAMAAEAokGMAAAAI5X8SbJ0YRe1wIQAAAABJRU5ErkJggg==) --- **Screenshot:** ![animeid.tv vulnerability](/twimages/screen-1158504.jpg) **Mirror:** [Click here to view the mirror](<http://1158504.openbounty.org/mirror/>) ### Coordinated Disclosure Timeline Vulnerability Reported:| 10 May, 2020 18:55 GMT ---|--- Vulnerability Verified:| 10 May, 2020 19:05 GMT Website Operator Notified:| 10 May, 2020 19:05 GMT a. Using the ISO 29147 guidelines| ![](/images/done.png) ---|--- b. Using publicly available security contacts| ![](/images/done.png) c. Using Open Bug Bounty notification framework| ![](/images/done.png) d. Using security contacts provided by the researcher| ![](/images/done.png) Public Report Published [without any technical details]:| 10 May, 2020 19:05 GMT