Open Bug Bounty ID: OBB-1159065
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: infinesseglobal.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: Teamhash
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Coordinated Disclosure Timeline
Vulnerability Reported: 11 May, 2020 14:55 GMT
Vulnerability Verified: 13 May, 2020 08:36 GMT
Website Operator Notified: 13 May, 2020 08:36 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 13 May, 2020 08:36 GMT