jobsearch.asme.org Cross Site Scripting vulnerability

2020-05-13T12:40:00

Description

Open Bug Bounty ID: OBB-1160028 Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence. Affected Website:| **[jobsearch.asme.org](<https://jobsearch.asme.org>) ** ---|--- Open Bug Bounty Program:| **Create your bounty program now**. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines Discovered and Reported by:| **H_chabik ** Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** Export Vulnerability Data:| Bugzilla Vulnerability Data JIRA Vulnerability Data [ Configuration ] Mantis Vulnerability Data Splunk Vulnerability Data XML Vulnerability Data [ XSD ] Vulnerable URL: ![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAA3CAIAAABVZQ1/AAAACXBIWXMAAA7EAAAOxAGVKw4bAAARu0lEQVR4nO2dfUxT1/vAr6VigUuRQivWOl5CkBADxDiimTqny0YYIcwhvqwqKmFoUAlxDp1zHW6IbBrHFmYMGtzMtpjFEP4gzjCzNJU4ZN2VNQw7dFixMiwIXWW8VO7vj5Pfzd19p+VS8Pt8/uo5PX2e5zzPuX16TnufziFJEgMAAAAAGVAE2gAAAADguQVyDAAAACAXkGMAAAAAuYAcAwAAAMgF5BgAAABALiDHAAAAAHIxc3NMfHz87du3+ZpAwJE7IjMw4jPQpEARcFeAAbOFGZpjfv/994mJibS0NM4mEHDkjsgMjPgMNClQBNwVYMAsQiTH3L9/Pzw8nPOpoaGhEydO8DX9pLGxMScnh90UsEf02WljhpghK3JHhLEApgFRU+U2iWGAlAvqyZMnO3fu1Gq1ixYteu+998bHxzEM6+/v37ZtG+o8fPgw6hToxzBsdHR0y5Yt0iNFueKff/45cOBAbGxsSEjIkiVLTp48+ezZM5+nzAmnH3yLhZ/W+m/A/ya+72MGBwcrKyv5mn7Cl2NiY2NdLtdUaQF8Ru6IzMBreJpNknJBFRQUjI2NEQRx/fr1lpaWY8eOYRi2ffv2iYkJ1Pnzzz9XVFSgwXz9o6OjmZmZXq9Xum2UK3bt2uVwOK5du+ZwOGpra69evWq1WqXLkbJ4OP3gWyz8tNZ/A/5HIQXp7u7GcVzKUwIjJ4vT6Zw/f/7Y2Bhn0zdrp5MZYoZ8yB0R6fKnEGFTp8GkyV5Qw8PDBoPB4/GgZmtra2JiosfjUSgUg4ODqNNisSQlJZEkydePFH388cfSI0W5Ynh4WKlUUjJlgm2Yb7GYQmsDsj5nL5L2MZ9//nl8fHxUVNS2bduGhoYwDBsaGoqLi/N4PHPmzLl48SK9efr06fDw8E8//XTBggWRkZE7duz4999/kZxbt26tXr06PDx80aJFb7311h9//MGprrGx8bXXXps7dy67Sd9cP3369J133tFqtYsXL/7oo4+obe/Jkyelqx4dHd29e3d4eHhsbOyHH36IhNy6dWvlypUhISFarXbjxo0PHz6kVJ84cUKr1S5cuPD8+fMYhj179uzw4cMLFiwICwvbuHFjf3+/gNMYcGrhtBOpPnXqVHx8fFhY2KZNm/r7+999912tVhsVFbVz586nT58KTIcOp9M4p/bo0aM33ngjPDw8Pj7+1KlTkZGRnAGa8ogw5HMO45um/4Hjixp7ygyBfAuJL5qU5Pv379N9i2BcX5yiQkJCHjx4EBYWhl7S1dWl1+tdLldoaGhERATqNBgMfX19GIbx9WMYFhsb+/7777PXJ8WPP/5Ib1KumJiYwDBMqVRyvortYbbfKFegB+w3DbYfGLFg2CZgv4C1mzZt+uSTT6jmypUrL168KHH9A6KI5xiPx0MQREtLS2trq9PpLC8vxzAsIiKis7MTx/GRkRGj0Uhvvvnmmx6Pp7W1ta2tra2tzWq1VldXI1HZ2dkFBQUOh8NisaxatUqlUnFq5DsoY7B//36n02m1Wq9evdrY2FhbW4usbft/pKiuqKgYHh5ub2+/evWq2Ww+e/YshmFWq7WoqKi3t9dmsxkMhpKSEsoVnZ2dNputvr5+1apVGIZVV1c3Nzc3Nzfb7Xa9Xt/R0SHgNAacWvjsRAItFgtBEE6nMzk52eVytbe337x5s7u7+8iRIwLTEXUa59RKSkqCg4O7urqam5u//vprgQBNbUQY8jmH8U3Tz8AJRI0xZbZATpMkLng2jOtLVNSdO3cOHjz42WefSZQvkVu3bq1fv76goIDeSbkiLCwsKytr8+bNN27coD7lUPB5mOE3Cs43DbYfsP/GoqCgYP369b/++quo/QLW5ufnNzQ0oMePHj0iCCI3N9eH9Q9wI7zN6e7uxjDM7XajZktLS0JCAvUU59YevcThcKD+K1euLF++nCTJgYEBpVI5MjLC1uJwOOLi4tBjj8eD4/jAwABnk9Li9XpxHL937x7qb2xsXLFihQ+qo6OjqdMGgiAyMjIYA7q6umJiYqh5UZYgdDqd1WqV7jQ+kBY+O5FA+kGHQqEYHh6m5CcmJkqZDqfTOKfm9XpVKhU18sqVK/Pnz0eP5Y4IXT7fMNGokZMPnEDU2FNmC2SbJBBNxoWDfCtwVibgLpIke3p6EhISvv/++0kJpwLKaZXdbs/Pz9doNJWVldS82K5wu93l5eVJSUlKpTIxMdFkMnm9XvQUn4fpfhN902Abxn5/qKys1Gg0+fn5drtd2H4+a4eHh9VqNdJeW1ubk5Mjff0DonDvc+ngOE5t7fV6/cDAgOhLVCrV4sWL0ePk5GSHw4FhWGRkZF5e3ooVK9atW6fX65cvX/7yyy9TYltaWtDja9euZWRkUDtTRpOir69vbGwsPj6e0oKW6aRUP3nyxOVyxcXFofETExNoK/3bb78dOnSoo6NjbGxsYmIC7bKRK+iWDA0NDQwMpKam+uY0thYBF+E4Tj/oUKvVISEhlHz0xSnfdESdxp5aX1/fxMQEfST1lKwRYcjnHCYwTT8Dxxc19pQZAjlNEpjjZBEWlZeXV1paumnTJt+Ec5KSkpKdnX3v3j1q1SEYrkBnXydOnBgdHbVarWVlZV6v9/jx4wIeZq8cBOc6YcMwICws7PDhw8XFxbt27UpJSaF+LMdpP5+1ISEhWVlZDQ0N+/btu3LlSkFBgQ/rH+BjWu+P+e677+rq6lJTU8fGxsrKyvbt24f6g4KCFi5ciB5LPCibEtUjIyMKhaKtrY0gCIIg2tvbCYLAMCw3N3fNmjVms5kgiKamJmHJQUFBvpnEqYXPRVLgm87UImtE2PLZwwSmKVPgRKfMZ5I/0WTAJ+rRo0ft7e3+SOakoqLCbDbv3bv37t279H4+V8ybN2/lypU1NTWXL1+mOn2+NARgG3D37t2SkhKz2Uz9Ug7jt5/PWnRc9uTJk9bWVuFYw0HZpBHe5ghssSWelTU0NFDbXjoEQRgMBkan1+uNjo6mtqiMJjnJkxkpqnEcZ+zo+/r6lEolfTDnaQNCp9MRBMHoFD2XENDCaaewQHqTPR06AmdljKmhs4Lu7m7UpM4K5I4IWz7nMM5p+hk4PicLTJmOsOfpxrvdboVCQR3KWSwW0bMyPlHIPLptPvyujE+dy+UqLS3Fcby4uJjSxXAF/RiNJEmz2UwdMIp6mJT2pkF/FduA4uJiHMfLyspcLhfDS2z7BawdGRnRaDRnzpzZsGEDOZn1D4jie47xeDxKpZI6A6WaaLnk5eX19PTYbLb09HSTyUSSZEdHR2Zm5vXr110ul8PhKCwszM7OpiSjs2az2bx06VKqk9Fk2FNYWJiTk+NwOGw227Jly2pqanxQXVxcvGLFCpvN5nQ6q6urKyoqSJLU6XS1tbWDg4N2uz03N1fgraqysjIjI6O9vb2npwd9mBJ2Gv1Ina2Fz07pOYZzOnS9bKfxTS0vLy83N7e7u9tms6WmpiIVckeEIZ9vGN80/Qkcn5OFp0zBNklg1WVkZBQWFvb29trt9lWrViFFbrdbqVR2dnaiLwno15eUa4ciMzPTaDQ6nU4k/OjRo8L9ApNC/UajET1muKKzs1On0507d87pdA4ODqJnKysrJXqYZOUY9jph+IEdC6PRSGUCTij7ha0lSXLr1q1qtfry5cuoKXH9A6L4nmNIkjSZTKGhofX19fTmqVOncByvqqrS6XTz58/fvn07+nZ6bGzMZDIlJSUFBwfrdDqj0djb28vQcvDgwSNHjlDyGU2GPR6Pp6ioKDo62mAwoK/v0LPV1dXSVY+MjJSWlhoMhtDQ0KysLPQJxWw2L1++XKVSxcTElJWVCbxVeb3eQ4cORUdHq1Sq3Nxc9GFK4veubC18dkrPMZzTEXYa39R6e3uzs7NxHI+Li6uqqkIq5I4IQz7fMM5p+hk4PicLT5mCbZLAquvq6lq3bh2O4ykpKTU1NVT4ysvL2RdUfX298LXD2AH39fVt3bpVo9Ho9fry8nLqNg6+foFJMWC7oqmpae3atWq1OjQ0NDU19dy5c9I9TP43x3C+aTD8wDZgUghYS5JkQ0MDjuOUXonrHxBFJMf4gD93ICYlJd28eZOv6adwwGfQZ0BS/oiw5QecGWhSoJDPFRJXUaBiIbD+AVHEf1c2ndy5c0egCQQKgiASEhIw+SMyAyM+A00KFAF3RaAMmLb1/1wyQ+suczI+Pt7S0mIwGPgG3L59e8+ePdNp0mQZHx/fsmXL33//jZqiBjPGTyfHjx8/f/7848ePf/nllyNHjhQXF3OaJxwRAJilSFn/gBRmU44pKioqKSkRKBRYUFBA3aMwM5k7d25wcPDBgwdRU9RgxvjpZO3atbW1tQaDwWg07t+/f8eOHewxohEBgFmKlPUPSELKgVpNTU1CQkJwcHB6enpTU5PoeDm+NeH8BTAdl8ulUCj47oX2mdLSUpVKVV9fP1WTslqt6P5ztsEjIyObN29maKHG+wCnQAAAgGlD/PuYL7744vTp0+j+r+bmZqPR2NDQsHr16mnIf5PC4/GEhobOmzdvCmX29/fX1NRYrdalS5cGBQVNSRF7jUbj8XgwlsGoxHp0dDTf+MnCJxAAAGDaED8rq6qqunDhwvr167Va7ZYtW44dO0aVNXzuQWkgLS0N3bE8tQmMQW9v76uvvjqFZQ2nXCAAAMBkEckxQ0NDTqeTXiF1zZo1qIQqveB8ZGTk22+/zVnBngFf+XfOquwPHz58/fXXw8PDlyxZ8u23305qYpzF2wUq27Mn0t/fT68rzqhDzi5RLqX2vgCiJdYxaZXMJyUQAABAVkRyjMfjUalU9H9KUKvVbrebera9vR3VQnc4HFSFeQH4astzVmUvKSlRq9UdHR1NTU30HKNlwVbEWVpcoLI9eyJRUVHsuuLUeEaJcom19/2Er5K5FIcAAAAEAOGva9hfdN+7d4+6fRqj1UK3WCx8Zf8p+OplMUBV2VHJIHq5b+o7/x4WbKXs0uLCle1FJ8Koe8EoUY5Jq71Psu5tZsxd4F5okr+SOadD+AQCAABMGyLf+SuVSsYffdNLqdNroRsMBtGy/wK15dlV2dH/9NHLfVNyFi1aJKyIs7S4cGX7SU2EXaJcSu19/+GrZC7qEAAAgIAgkmPQSdH4+Dh1XOZ2u9Vq9ZTbkZubW1hYePbsWZVK1dPTk5mZKTCYfRb0+PFj9jA5SosHnLt37x47doxRyVyiQwAAAKYZkRwTERGh1+stFssrr7yCeiwWS0pKim/KdDpdcHDwX3/9hTYTnZ2d6A7Ex48fO53ODz74AA1Dn/p1Oh2GYQ8ePEBbGbvdTskR/VuUiIgIjUZz+/bttLQ0Ue2ziD179ly6dKmoqMhut0dFRVH9cvxPDAAAgP+I3x9TXl6+a9euurq69PT05uZmk8lE/fe1MKOjo//RpFQGBQVt3ry5tLT0yy+/dLvdJpMJ/dW2VqvVaDRfffXV1q1b+/r6TCYThmFBQUGZmZllZWVnzpwZHBxEnQjOoyGFQkE/1istLS0qKqqrq9NoNFVVVfn5+atXr+bUPs14vV502MgwWHQ8hmEej8dms8XGxjLGwFkZAAAzE/H7Y/bt21dWVlZUVKTX66uqqi5duiTlBkz0gzQ6dXV1GIadOXMmJiZm2bJlmZmZOTk5e/fuReN/+OGHCxcuxMTErFmzBpWfwzAMJYPk5OQNGzYwftnFBu17/vzzT9Q8dOjQ2rVr161bl5iY2NPTg/ZefNqnE4IgXnjhBbbBouMxDPvmm2/YCQYAAGDGMockyUDbMGUcOHDAZrP99NNPgTaEl9HR0eTk5KNHj+7evRuTYDBjPAAAwOziucox4+PjBEG8+OKLgTZEiBs3brz00kvosRSD6eMBAABmF89VjgEAAABmFLOptj8AAAAwu4AcAwAAAMgF5BgAAABALiDHAAAAAHIBOQYAAACQC8gxAAAAgFxAjgEAAADkAnIMAAAAIBeQYwAAAAC5gBwDAAAAyAXkGAAAAEAuIMcAAAAAcgE5BgAAAJALyDEAAACAXECOAQAAAOQCcgwAAAAgF5BjAAAAALn4P8nguDlBMFXBAAAAAElFTkSuQmCC) --- **Mirror:** [Click here to view the mirror](<http://1160028.openbounty.org/mirror/>) ### Coordinated Disclosure Timeline Vulnerability Reported:| 13 May, 2020 12:40 GMT ---|--- Vulnerability Verified:| 14 May, 2020 14:44 GMT Website Operator Notified:| 14 May, 2020 14:44 GMT a. Using the ISO 29147 guidelines| ![](/images/done.png) ---|--- b. Using publicly available security contacts| ![](/images/done.png) c. Using Open Bug Bounty notification framework| ![](/images/done.png) d. Using security contacts provided by the researcher| ![](/images/done.png) Public Report Published [without any technical details]:| 14 May, 2020 14:44 GMT

{"id": "OBB:1160028", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "jobsearch.asme.org Cross Site Scripting vulnerability ", "description": " \n\n\nOpen Bug Bounty ID: OBB-1160028\n\nFollowing coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: \n\n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; \n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence.\n\nAffected Website:| **[jobsearch.asme.org](<https://jobsearch.asme.org>) ** \n---|--- \nOpen Bug Bounty Program:| **Create your bounty program now**. It's open and free. \nVulnerable Application:| Custom Code \nVulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\\(XSS\\)>)** / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines \nDiscovered and Reported by:| **H_chabik ** \nRemediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** \nExport Vulnerability Data:| Bugzilla Vulnerability Data \nJIRA Vulnerability Data [ Configuration ] \nMantis Vulnerability Data \nSplunk Vulnerability Data \nXML Vulnerability Data [ XSD ] \n \nVulnerable URL:\n\n![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAA3CAIAAABVZQ1/AAAACXBIWXMAAA7EAAAOxAGVKw4bAAARu0lEQVR4nO2dfUxT1/vAr6VigUuRQivWOl5CkBADxDiimTqny0YYIcwhvqwqKmFoUAlxDp1zHW6IbBrHFmYMGtzMtpjFEP4gzjCzNJU4ZN2VNQw7dFixMiwIXWW8VO7vj5Pfzd19p+VS8Pt8/uo5PX2e5zzPuX16TnufziFJEgMAAAAAGVAE2gAAAADguQVyDAAAACAXkGMAAAAAuYAcAwAAAMgF5BgAAABALiDHAAAAAHIxc3NMfHz87du3+ZpAwJE7IjMw4jPQpEARcFeAAbOFGZpjfv/994mJibS0NM4mEHDkjsgMjPgMNClQBNwVYMAsQiTH3L9/Pzw8nPOpoaGhEydO8DX9pLGxMScnh90UsEf02WljhpghK3JHhLEApgFRU+U2iWGAlAvqyZMnO3fu1Gq1ixYteu+998bHxzEM6+/v37ZtG+o8fPgw6hToxzBsdHR0y5Yt0iNFueKff/45cOBAbGxsSEjIkiVLTp48+ezZM5+nzAmnH3yLhZ/W+m/A/ya+72MGBwcrKyv5mn7Cl2NiY2NdLtdUaQF8Ru6IzMBreJpNknJBFRQUjI2NEQRx/fr1lpaWY8eOYRi2ffv2iYkJ1Pnzzz9XVFSgwXz9o6OjmZmZXq9Xum2UK3bt2uVwOK5du+ZwOGpra69evWq1WqXLkbJ4OP3gWyz8tNZ/A/5HIQXp7u7GcVzKUwIjJ4vT6Zw/f/7Y2Bhn0zdrp5MZYoZ8yB0R6fKnEGFTp8GkyV5Qw8PDBoPB4/GgZmtra2JiosfjUSgUg4ODqNNisSQlJZEkydePFH388cfSI0W5Ynh4WKlUUjJlgm2Yb7GYQmsDsj5nL5L2MZ9//nl8fHxUVNS2bduGhoYwDBsaGoqLi/N4PHPmzLl48SK9efr06fDw8E8//XTBggWRkZE7duz4999/kZxbt26tXr06PDx80aJFb7311h9//MGprrGx8bXXXps7dy67Sd9cP3369J133tFqtYsXL/7oo4+obe/Jkyelqx4dHd29e3d4eHhsbOyHH36IhNy6dWvlypUhISFarXbjxo0PHz6kVJ84cUKr1S5cuPD8+fMYhj179uzw4cMLFiwICwvbuHFjf3+/gNMYcGrhtBOpPnXqVHx8fFhY2KZNm/r7+999912tVhsVFbVz586nT58KTIcOp9M4p/bo0aM33ngjPDw8Pj7+1KlTkZGRnAGa8ogw5HMO45um/4Hjixp7ygyBfAuJL5qU5Pv379N9i2BcX5yiQkJCHjx4EBYWhl7S1dWl1+tdLldoaGhERATqNBgMfX19GIbx9WMYFhsb+/7777PXJ8WPP/5Ib1KumJiYwDBMqVRyvortYbbfKFegB+w3DbYfGLFg2CZgv4C1mzZt+uSTT6jmypUrL168KHH9A6KI5xiPx0MQREtLS2trq9PpLC8vxzAsIiKis7MTx/GRkRGj0Uhvvvnmmx6Pp7W1ta2tra2tzWq1VldXI1HZ2dkFBQUOh8NisaxatUqlUnFq5DsoY7B//36n02m1Wq9evdrY2FhbW4usbft/pKiuqKgYHh5ub2+/evWq2Ww+e/YshmFWq7WoqKi3t9dmsxkMhpKSEsoVnZ2dNputvr5+1apVGIZVV1c3Nzc3Nzfb7Xa9Xt/R0SHgNAacWvjsRAItFgtBEE6nMzk52eVytbe337x5s7u7+8iRIwLTEXUa59RKSkqCg4O7urqam5u//vprgQBNbUQY8jmH8U3Tz8AJRI0xZbZATpMkLng2jOtLVNSdO3cOHjz42WefSZQvkVu3bq1fv76goIDeSbkiLCwsKytr8+bNN27coD7lUPB5mOE3Cs43DbYfsP/GoqCgYP369b/++quo/QLW5ufnNzQ0oMePHj0iCCI3N9eH9Q9wI7zN6e7uxjDM7XajZktLS0JCAvUU59YevcThcKD+K1euLF++nCTJgYEBpVI5MjLC1uJwOOLi4tBjj8eD4/jAwABnk9Li9XpxHL937x7qb2xsXLFihQ+qo6OjqdMGgiAyMjIYA7q6umJiYqh5UZYgdDqd1WqV7jQ+kBY+O5FA+kGHQqEYHh6m5CcmJkqZDqfTOKfm9XpVKhU18sqVK/Pnz0eP5Y4IXT7fMNGokZMPnEDU2FNmC2SbJBBNxoWDfCtwVibgLpIke3p6EhISvv/++0kJpwLKaZXdbs/Pz9doNJWVldS82K5wu93l5eVJSUlKpTIxMdFkMnm9XvQUn4fpfhN902Abxn5/qKys1Gg0+fn5drtd2H4+a4eHh9VqNdJeW1ubk5Mjff0DonDvc+ngOE5t7fV6/cDAgOhLVCrV4sWL0ePk5GSHw4FhWGRkZF5e3ooVK9atW6fX65cvX/7yyy9TYltaWtDja9euZWRkUDtTRpOir69vbGwsPj6e0oKW6aRUP3nyxOVyxcXFofETExNoK/3bb78dOnSoo6NjbGxsYmIC7bKRK+iWDA0NDQwMpKam+uY0thYBF+E4Tj/oUKvVISEhlHz0xSnfdESdxp5aX1/fxMQEfST1lKwRYcjnHCYwTT8Dxxc19pQZAjlNEpjjZBEWlZeXV1paumnTJt+Ec5KSkpKdnX3v3j1q1SEYrkBnXydOnBgdHbVarWVlZV6v9/jx4wIeZq8cBOc6YcMwICws7PDhw8XFxbt27UpJSaF+LMdpP5+1ISEhWVlZDQ0N+/btu3LlSkFBgQ/rH+BjWu+P+e677+rq6lJTU8fGxsrKyvbt24f6g4KCFi5ciB5LPCibEtUjIyMKhaKtrY0gCIIg2tvbCYLAMCw3N3fNmjVms5kgiKamJmHJQUFBvpnEqYXPRVLgm87UImtE2PLZwwSmKVPgRKfMZ5I/0WTAJ+rRo0ft7e3+SOakoqLCbDbv3bv37t279H4+V8ybN2/lypU1NTWXL1+mOn2+NARgG3D37t2SkhKz2Uz9Ug7jt5/PWnRc9uTJk9bWVuFYw0HZpBHe5ghssSWelTU0NFDbXjoEQRgMBkan1+uNjo6mtqiMJjnJkxkpqnEcZ+zo+/r6lEolfTDnaQNCp9MRBMHoFD2XENDCaaewQHqTPR06AmdljKmhs4Lu7m7UpM4K5I4IWz7nMM5p+hk4PicLTJmOsOfpxrvdboVCQR3KWSwW0bMyPlHIPLptPvyujE+dy+UqLS3Fcby4uJjSxXAF/RiNJEmz2UwdMIp6mJT2pkF/FduA4uJiHMfLyspcLhfDS2z7BawdGRnRaDRnzpzZsGEDOZn1D4jie47xeDxKpZI6A6WaaLnk5eX19PTYbLb09HSTyUSSZEdHR2Zm5vXr110ul8PhKCwszM7OpiSjs2az2bx06VKqk9Fk2FNYWJiTk+NwOGw227Jly2pqanxQXVxcvGLFCpvN5nQ6q6urKyoqSJLU6XS1tbWDg4N2uz03N1fgraqysjIjI6O9vb2npwd9mBJ2Gv1Ina2Fz07pOYZzOnS9bKfxTS0vLy83N7e7u9tms6WmpiIVckeEIZ9vGN80/Qkcn5OFp0zBNklg1WVkZBQWFvb29trt9lWrViFFbrdbqVR2dnaiLwno15eUa4ciMzPTaDQ6nU4k/OjRo8L9ApNC/UajET1muKKzs1On0507d87pdA4ODqJnKysrJXqYZOUY9jph+IEdC6PRSGUCTij7ha0lSXLr1q1qtfry5cuoKXH9A6L4nmNIkjSZTKGhofX19fTmqVOncByvqqrS6XTz58/fvn07+nZ6bGzMZDIlJSUFBwfrdDqj0djb28vQcvDgwSNHjlDyGU2GPR6Pp6ioKDo62mAwoK/v0LPV1dXSVY+MjJSWlhoMhtDQ0KysLPQJxWw2L1++XKVSxcTElJWVCbxVeb3eQ4cORUdHq1Sq3Nxc9GFK4veubC18dkrPMZzTEXYa39R6e3uzs7NxHI+Li6uqqkIq5I4IQz7fMM5p+hk4PicLT5mCbZLAquvq6lq3bh2O4ykpKTU1NVT4ysvL2RdUfX298LXD2AH39fVt3bpVo9Ho9fry8nLqNg6+foFJMWC7oqmpae3atWq1OjQ0NDU19dy5c9I9TP43x3C+aTD8wDZgUghYS5JkQ0MDjuOUXonrHxBFJMf4gD93ICYlJd28eZOv6adwwGfQZ0BS/oiw5QecGWhSoJDPFRJXUaBiIbD+AVHEf1c2ndy5c0egCQQKgiASEhIw+SMyAyM+A00KFAF3RaAMmLb1/1wyQ+suczI+Pt7S0mIwGPgG3L59e8+ePdNp0mQZHx/fsmXL33//jZqiBjPGTyfHjx8/f/7848ePf/nllyNHjhQXF3OaJxwRAJilSFn/gBRmU44pKioqKSkRKBRYUFBA3aMwM5k7d25wcPDBgwdRU9RgxvjpZO3atbW1tQaDwWg07t+/f8eOHewxohEBgFmKlPUPSELKgVpNTU1CQkJwcHB6enpTU5PoeDm+NeH8BTAdl8ulUCj47oX2mdLSUpVKVV9fP1WTslqt6P5ztsEjIyObN29maKHG+wCnQAAAgGlD/PuYL7744vTp0+j+r+bmZqPR2NDQsHr16mnIf5PC4/GEhobOmzdvCmX29/fX1NRYrdalS5cGBQVNSRF7jUbj8XgwlsGoxHp0dDTf+MnCJxAAAGDaED8rq6qqunDhwvr167Va7ZYtW44dO0aVNXzuQWkgLS0N3bE8tQmMQW9v76uvvjqFZQ2nXCAAAMBkEckxQ0NDTqeTXiF1zZo1qIQqveB8ZGTk22+/zVnBngFf+XfOquwPHz58/fXXw8PDlyxZ8u23305qYpzF2wUq27Mn0t/fT68rzqhDzi5RLqX2vgCiJdYxaZXMJyUQAABAVkRyjMfjUalU9H9KUKvVbrebera9vR3VQnc4HFSFeQH4astzVmUvKSlRq9UdHR1NTU30HKNlwVbEWVpcoLI9eyJRUVHsuuLUeEaJcom19/2Er5K5FIcAAAAEAOGva9hfdN+7d4+6fRqj1UK3WCx8Zf8p+OplMUBV2VHJIHq5b+o7/x4WbKXs0uLCle1FJ8Koe8EoUY5Jq71Psu5tZsxd4F5okr+SOadD+AQCAABMGyLf+SuVSsYffdNLqdNroRsMBtGy/wK15dlV2dH/9NHLfVNyFi1aJKyIs7S4cGX7SU2EXaJcSu19/+GrZC7qEAAAgIAgkmPQSdH4+Dh1XOZ2u9Vq9ZTbkZubW1hYePbsWZVK1dPTk5mZKTCYfRb0+PFj9jA5SosHnLt37x47doxRyVyiQwAAAKYZkRwTERGh1+stFssrr7yCeiwWS0pKim/KdDpdcHDwX3/9hTYTnZ2d6A7Ex48fO53ODz74AA1Dn/p1Oh2GYQ8ePEBbGbvdTskR/VuUiIgIjUZz+/bttLQ0Ue2ziD179ly6dKmoqMhut0dFRVH9cvxPDAAAgP+I3x9TXl6+a9euurq69PT05uZmk8lE/fe1MKOjo//RpFQGBQVt3ry5tLT0yy+/dLvdJpMJ/dW2VqvVaDRfffXV1q1b+/r6TCYThmFBQUGZmZllZWVnzpwZHBxEnQjOoyGFQkE/1istLS0qKqqrq9NoNFVVVfn5+atXr+bUPs14vV502MgwWHQ8hmEej8dms8XGxjLGwFkZAAAzE/H7Y/bt21dWVlZUVKTX66uqqi5duiTlBkz0gzQ6dXV1GIadOXMmJiZm2bJlmZmZOTk5e/fuReN/+OGHCxcuxMTErFmzBpWfwzAMJYPk5OQNGzYwftnFBu17/vzzT9Q8dOjQ2rVr161bl5iY2NPTg/ZefNqnE4IgXnjhBbbBouMxDPvmm2/YCQYAAGDGMockyUDbMGUcOHDAZrP99NNPgTaEl9HR0eTk5KNHj+7evRuTYDBjPAAAwOziucox4+PjBEG8+OKLgTZEiBs3brz00kvosRSD6eMBAABmF89VjgEAAABmFLOptj8AAAAwu4AcAwAAAMgF5BgAAABALiDHAAAAAHIBOQYAAACQC8gxAAAAgFxAjgEAAADkAnIMAAAAIBeQYwAAAAC5gBwDAAAAyAXkGAAAAEAuIMcAAAAAcgE5BgAAAJALyDEAAACAXECOAQAAAOQCcgwAAAAgF5BjAAAAALn4P8nguDlBMFXBAAAAAElFTkSuQmCC) \n--- \n \n**Mirror:** [Click here to view the mirror](<http://1160028.openbounty.org/mirror/>)\n\n### Coordinated Disclosure Timeline\n\nVulnerability Reported:| 13 May, 2020 12:40 GMT \n---|--- \nVulnerability Verified:| 14 May, 2020 14:44 GMT \nWebsite Operator Notified:| 14 May, 2020 14:44 GMT \na. Using the ISO 29147 guidelines| ![](/images/done.png) \n---|--- \nb. Using publicly available security contacts| ![](/images/done.png) \nc. Using Open Bug Bounty notification framework| ![](/images/done.png) \nd. Using security contacts provided by the researcher| ![](/images/done.png) \nPublic Report Published \n[without any technical details]:| 14 May, 2020 14:44 GMT\n", "published": "2020-05-13T12:40:00", "modified": "2020-08-11T12:40:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/1160028/", "reporter": "H_chabik", "references": [], "cvelist": [], "lastseen": "2020-08-20T02:32:43", "viewCount": 4, "enchantments": {"dependencies": {}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.5}, "openbugbounty": {"patchStatus": "unpatched", "mirror": "http://1160028.openbounty.org/mirror/"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645493672, "score": 1684001301, "epss": 1678951884}, "_internal": {"score_hash": "fe0caa055eef1eba5916e6842fcf2ea9"}}