gudok-samara.ru Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1159023

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](https://www.iso.org/standard/45170.html)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| | |
|---|---|
| Affected Website: | **[gudok-samara.ru](http://gudok-samara.ru)** |
| Open Bug Bounty Program: | **Create your bounty program now**. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\))** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](https://www.iso.org/standard/45170.html)** guidelines |
| Discovered and Reported by: | **Teamhash** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md)** |
| Vulnerable URL: | (shown only as an image on the original page; not reproduced) |

**Mirror:** [Click here to view the mirror](http://1159023.openbounty.org/mirror/)

### Coordinated Disclosure Timeline

| | |
|---|---|
| Vulnerability Reported: | 11 May, 2020 14:04 GMT |
| Vulnerability Verified: | 11 May, 2020 14:15 GMT |
| Website Operator Notified: | 11 May, 2020 14:15 GMT |

Notification channels used (all marked as done):

| | |
|---|---|
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |

| | |
|---|---|
| Public Report Published [without any technical details]: | 11 May, 2020 14:15 GMT |
| Vulnerability Fixed: | 5 June, 2020 14:34 GMT |