
animalscoco.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1159116

Following the coordinated and responsible vulnerability disclosure guidelines of the [ISO 29147](<https://www.iso.org/standard/45170.html>) standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website: | [animalscoco.com](<http://animalscoco.com>) |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | [XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)>) / CWE-79 |
| CVSSv3 Score: | 6.1 (Medium), vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Disclosure Standard: | Coordinated Disclosure based on [ISO 29147](<https://www.iso.org/standard/45170.html>) guidelines |
| Discovered and Reported by: | geeknik |
| Remediation Guide: | [OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>) |
| Vulnerable URL: | shown only as an image on the original page; not reproduced here |

The CVSS vector is the standard scoring for a reflected XSS: reachable over the network (AV:N) with low attack complexity (AC:L) and no privileges (PR:N), but the victim must open a crafted link (UI:R); the scope is changed (S:C) because the injected script executes in the victim's browser rather than in the vulnerable server component, with low confidentiality and integrity impact (C:L/I:L) and no availability impact (A:N). That combination yields 6.1, Medium. The public report deliberately omits the vulnerable URL and payload, so nothing below should be read as confirming a specific injection point.

**Screenshot:** ![animalscoco.com vulnerability](/twimages/screen-1159116.jpg)

**Mirror:** [Click here to view the mirror](<http://1159116.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Event | Time |
|---|---|
| Vulnerability Reported: | 11 May, 2020 16:29 GMT |
| Vulnerability Verified: | 11 May, 2020 16:41 GMT |
| Website Operator Notified: | 11 May, 2020 16:41 GMT |
| Public Report Published (without any technical details): | 11 May, 2020 16:41 GMT |

Website operator notification channels (all marked as done on the original page):

a. Using the ISO 29147 guidelines
b. Using publicly available security contacts
c. Using the Open Bug Bounty notification framework
d. Using security contacts provided by the researcher
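The report gives no technical details, so the only actionable material on this page is the remediation reference: the OWASP cheat sheet's context-specific output-encoding rules for CWE-79. The following is an added illustration of those rules, written for this page; it is not code from animalscoco.com, from Open Bug Bounty, or from the researcher, and the sample URL, the `q` parameter and the payload in it are constructed, not the reported ones. It shows the classic reflected-XSS sink (a query parameter concatenated into markup) next to a hardened version that encodes the same value differently for HTML body, HTML attribute and JavaScript string contexts.

```python
"""Context-aware output encoding for reflected XSS (CWE-79), following the
encoding rules in the OWASP XSS Prevention Cheat Sheet. Added example; not
the code of the affected site. The URL, parameter and payload are constructed.
"""
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample request: a search page reflecting the "q" parameter.
# Decoded, q is: <img src=x onerror=alert(1)>
SAMPLE_URL = "https://example.invalid/search?q=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E"


def get_param(url: str, name: str) -> str:
    """Return the first value of query parameter `name`, or '' if absent."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get(name, [""])[0]


def encode_html_body(s: str) -> str:
    # Cheat sheet rule 1 (HTML element content): entity-encode & < > " '
    return html.escape(s, quote=True)


def encode_html_attr(s: str) -> str:
    # Cheat sheet rule 2 (HTML attribute value): encode every character
    # except ASCII alphanumerics as &#xHH; so no quoting style can be broken.
    return "".join(
        c if (c.isalnum() and ord(c) < 128) else f"&#x{ord(c):02X};" for c in s
    )


def encode_js_string(s: str) -> str:
    # Cheat sheet rule 3 (inside a quoted JavaScript string literal): encode
    # every non-alphanumeric character as \xHH, or \uHHHH above 0xFF.
    out = []
    for c in s:
        if c.isalnum() and ord(c) < 128:
            out.append(c)
        elif ord(c) < 256:
            out.append(f"\\x{ord(c):02X}")
        else:
            out.append(f"\\u{ord(c):04X}")
    return "".join(out)


def render_vulnerable(url: str) -> str:
    """The CWE-79 pattern: untrusted input concatenated straight into markup."""
    q = get_param(url, "q")
    return f"<p>Results for: {q}</p>"


def render_hardened(url: str) -> str:
    """Same page, with each sink encoded for the context it lands in."""
    q = get_param(url, "q")
    return (
        f"<p>Results for: {encode_html_body(q)}</p>\n"
        f'<input type="text" value="{encode_html_attr(q)}">\n'
        f"<script>var lastQuery = '{encode_js_string(q)}';</script>"
    )


def payload_survives(rendered: str, payload: str) -> bool:
    """True if the raw payload is still present verbatim in the output."""
    return payload in rendered


if __name__ == "__main__":
    payload = get_param(SAMPLE_URL, "q")
    print(render_vulnerable(SAMPLE_URL))  # payload is reflected unchanged
    print(render_hardened(SAMPLE_URL))    # payload is inert in all three sinks
    print("vulnerable:", payload_survives(render_vulnerable(SAMPLE_URL), payload))
    print("hardened:  ", payload_survives(render_hardened(SAMPLE_URL), payload))
```

The point of the three encoders is that one generic "sanitize" call is not enough: entity encoding that is correct for element content does not protect an unquoted or single-quoted attribute, and neither protects a value written into a script block. Pick the encoder by where the value lands, and apply it at the point of output rather than at input.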