
alfaneon.se Cross Site Scripting vulnerability

### Description

Open Bug Bounty ID: OBB-1159011

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[alfaneon.se](<http://alfaneon.se>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 (Medium) [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **geeknik**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**
Vulnerable URL:| Not included in the public report (rendered as an image on the original page)

The CVSS vector reads as follows: exploitable over the network (AV:N) with low attack complexity (AC:L) and no privileges required (PR:N); a user must interact, typically by following a crafted link (UI:R); the scope is changed (S:C) because the payload executes in the victim's browser rather than on the vulnerable server; and the impact is a limited loss of confidentiality and integrity (C:L/I:L) with no availability impact (A:N). This is the vector commonly assigned to reflected XSS.

**Screenshot:** ![alfaneon.se vulnerability](/twimages/screen-1159011.jpg)

**Mirror:** [Click here to view the mirror](<http://1159011.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 11 May, 2020 13:56 GMT
---|---
Vulnerability Verified:| 11 May, 2020 14:07 GMT
Website Operator Notified:| 11 May, 2020 14:07 GMT
Public Report Published [without any technical details]:| 11 May, 2020 14:07 GMT

The website operator was notified through all four channels:

a. using the ISO 29147 guidelines (done)
b. using publicly available security contacts (done)
c. using the Open Bug Bounty notification framework (done)
d. using security contacts provided by the researcher (done)