
healthkesari.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1159036

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| | |
|---|---|
| Affected Website: | **[healthkesari.com](<http://healthkesari.com>)** |
| Open Bug Bounty Program: | **Create your bounty program now**. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **Teamhash** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Export Vulnerability Data: | Bugzilla Vulnerability Data; JIRA Vulnerability Data [ Configuration ]; Mantis Vulnerability Data; Splunk Vulnerability Data; XML Vulnerability Data [ XSD ] |
| Vulnerable URL: | (shown only as an image on the original page; not reproduced) |

**Mirror:** [Click here to view the mirror](<http://1159036.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| | |
|---|---|
| Vulnerability Reported: | 11 May, 2020 14:17 GMT |
| Vulnerability Verified: | 13 May, 2020 08:37 GMT |
| Website Operator Notified: | 13 May, 2020 08:37 GMT |
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |
| Public Report Published [without any technical details]: | 13 May, 2020 08:37 GMT |