
survey.gov.lk Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1159859

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website | **[survey.gov.lk](<https://www.survey.gov.lk>)** |
| Vulnerable Application | Custom Code |
| Vulnerability Type | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score | 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) |
| Disclosure Standard | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by | **rahul83636534** |
| Remediation Guide | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Vulnerable URL | Not disclosed in the public report |

**Screenshot:** ![survey.gov.lk vulnerability](/twimages/screen-1159859.jpg)

**Mirror:** [Click here to view the mirror](<http://1159859.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Event | Time |
|---|---|
| Vulnerability Reported | 13 May, 2020 08:08 GMT |
| Vulnerability Verified | 13 May, 2020 08:17 GMT |
| Website Operator Notified | 13 May, 2020 08:17 GMT |
| Public Report Published (without any technical details) | 13 May, 2020 08:17 GMT |

Operator notification channels used (all completed):

a. Using the ISO 29147 guidelines
b. Using publicly available security contacts
c. Using the Open Bug Bounty notification framework
d. Using security contacts provided by the researcher