Open Bug Bounty ID: OBB-1158685
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: capribyfraser.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: Teamhash
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Screenshot: ![capribyfraser.com vulnerability](/twimages/screen-1158685.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 11 May, 2020 03:49 GMT
Vulnerability Verified: 11 May, 2020 04:03 GMT
Website Operator Notified: 11 May, 2020 04:03 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 11 May, 2020 04:03 GMT