Open Bug Bounty ID: OBB-1159205
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: espace-aubade.fr
Open Bug Bounty Program: none listed for this website
Vulnerable Application: Other
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: Sprachlos
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL: (provided only as an image in the original report; not reproduced here)
HTTP POST data: (provided only as an image in the original report; not reproduced here)
Screenshot: (not reproduced here)
Mirror: (link in the original report)
Coordinated Disclosure Timeline
Vulnerability Reported: 11 May, 2020 20:54 GMT
Vulnerability Verified: 11 May, 2020 21:02 GMT
Website Operator Notified: 11 May, 2020 21:02 GMT
Notification channels:
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher
Public Report Published [without any technical details]: 11 May, 2020 21:02 GMT
Additional notification email sent: 26 July, 2020 10:50 GMT