
sciencemediacentre.org Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1158594

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| | |
|---|---|
| Affected Website: | **[sciencemediacentre.org](<https://www.sciencemediacentre.org>)** |
| Open Bug Bounty Program: | **Create your bounty program now**. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **yassinehmimou2** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Vulnerable URL: | (image not available) |

**Screenshot:** ![sciencemediacentre.org vulnerability](/twimages/screen-1158594.jpg)

**Mirror:** [Click here to view the mirror](<http://1158594.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| | |
|---|---|
| Vulnerability Reported: | 11 May, 2020 00:24 GMT |
| Vulnerability Verified: | 11 May, 2020 00:30 GMT |
| Website Operator Notified: | 11 May, 2020 00:30 GMT |
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |
| Public Report Published [without any technical details]: | 11 May, 2020 00:30 GMT |