
akademshina.ru Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1159008

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](https://www.iso.org/standard/45170.html)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website | **[akademshina.ru](http://akademshina.ru)** |
| Open Bug Bounty Program | **Create your bounty program now**. It's open and free. |
| Vulnerable Application | Custom Code |
| Vulnerability Type | **[XSS (Cross Site Scripting)](https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\))** / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on **[ISO 29147](https://www.iso.org/standard/45170.html)** guidelines |
| Discovered and Reported by | **geeknik** |
| Remediation Guide | **[OWASP XSS Prevention Cheat Sheet](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md)** |
| Export Vulnerability Data | Bugzilla, JIRA [Configuration], Mantis, Splunk, XML [XSD] |
| Vulnerable URL | Presented as an image on the original page; not reproduced here |

**Screenshot:** ![akademshina.ru vulnerability](/twimages/screen-1159008.jpg)

**Mirror:** [Click here to view the mirror](http://1159008.openbounty.org/mirror/)

### Coordinated Disclosure Timeline

| Event | Time / Status |
|---|---|
| Vulnerability Reported | 11 May, 2020 13:55 GMT |
| Vulnerability Verified | 11 May, 2020 14:01 GMT |
| Website Operator Notified | 11 May, 2020 14:01 GMT |
| a. Using the ISO 29147 guidelines | Done |
| b. Using publicly available security contacts | Done |
| c. Using Open Bug Bounty notification framework | Done |
| d. Using security contacts provided by the researcher | Done |
| Public Report Published [without any technical details] | 11 May, 2020 14:01 GMT |