esplorus.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1160128

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| | |
|---|---|
| Affected Website: | **[esplorus.com](<http://esplorus.com>)** |
| Open Bug Bounty Program: | **Create your bounty program now**. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **geeknik** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Vulnerable URL: | (published only as an image on the original page; not reproduced here) |

**Screenshot:** ![esplorus.com vulnerability](/twimages/screen-1160128.jpg)

**Mirror:** [Click here to view the mirror](<http://1160128.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| | |
|---|---|
| Vulnerability Reported: | 13 May, 2020 14:19 GMT |
| Vulnerability Verified: | 13 May, 2020 14:27 GMT |
| Website Operator Notified: | 13 May, 2020 14:27 GMT |
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |
| Public Report Published [without any technical details]: | 13 May, 2020 14:27 GMT |
| Vulnerability Fixed: | 14 June, 2020 15:34 GMT |