# chirpo.ru Cross Site Scripting vulnerability

## Description

Open Bug Bounty ID: OBB-1158754

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website | **[chirpo.ru](<http://chirpo.ru>)** |
| Vulnerable Application | Custom Code |
| Vulnerability Type | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)>)** / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by | **Teamhash** |
| Remediation Guide | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Vulnerable URL | (published as an image only; not available as text) |

**Screenshot:** ![chirpo.ru vulnerability](/twimages/screen-1158754.jpg)

**Mirror:** [Click here to view the mirror](<http://1158754.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Event | Time |
|---|---|
| Vulnerability Reported | 11 May, 2020 06:24 GMT |
| Vulnerability Verified | 11 May, 2020 06:36 GMT |
| Website Operator Notified | 11 May, 2020 06:36 GMT |
| Public Report Published [without any technical details] | 11 May, 2020 06:36 GMT |

Website operator notification channels used:

a. Using the ISO 29147 guidelines: done
b. Using publicly available security contacts: done
c. Using Open Bug Bounty notification framework: done
d. Using security contacts provided by the researcher: done