
mede.co.id Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1160278

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website | **[mede.co.id](<http://mede.co.id>)** |
| Vulnerable Application | Custom Code |
| Vulnerability Type | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by | **geeknik** |
| Remediation Guide | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Export Vulnerability Data | Bugzilla, JIRA, Mantis, Splunk and XML formats |
| Vulnerable URL | (shown on the original page only as an image; not reproduced here) |

**Screenshot:** ![mede.co.id vulnerability](/twimages/screen-1160278.jpg)

**Mirror:** [Click here to view the mirror](<http://1160278.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Event | Time |
|---|---|
| Vulnerability Reported | 13 May, 2020 15:29 GMT |
| Vulnerability Verified | 13 May, 2020 15:36 GMT |
| Website Operator Notified | 13 May, 2020 15:36 GMT |
| Public Report Published (without any technical details) | 13 May, 2020 15:36 GMT |

Notification channels used to reach the website operator:

| Channel | Status |
|---|---|
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |