
my1.alfaman.pro Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1160303

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Affected Website: | **[my1.alfaman.pro](<http://my1.alfaman.pro>)** |
| --- | --- |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **geeknik** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Vulnerable URL: | (shown only as an inline image on the original page; not available as text) |
hI8eICkvLw8MDBwYGGhra2tqanJoR6SmPd0O21WGzryYUww4x2XfKb7psG+KU3CuEwHdfoZoP9sB8TL+Ahr+SLSMv3hXY2JiampqKioqEEK1tbVZWVkvvPACWihtNwD4P0NYlplTTZ2tmk7w6KtzKsMTgqr+fJrwAnrsMpmM1H4nCEKv16empgrI5guo5TOE/Ul9e1L3nvKH0r3nsyPgP6d9YVfpXQROMeAbl/MIAM7psG8Kpw8MqE/5VPc5dfvZov1sB8TL+HOuRhdk/J1ydWZmZt26dVqtViaTWSwWspJvtQPA44yD32Byqqkjlmo6n746nzK8gKq/gCY8px777du3rVYrpbc4Pz8fEBCABGXzndJ1v3Xr1vz8PN0fYTviNe0pxCj8I0enGPCNyz4CgG86nEcAiIRvnXDq9rNF+9kOOCXjL6Dhj0TfbqdcXbp0aWNj46ZNm44dOxYREUFWOjwHAQAeQxzvlfGpqbNh/6iCb/fAg2+U2e12Pz+/7u5uUhXYYDCwtYEXB66dYiAeN1/o4lsnbN1+TtF+tgMLL+Mv3lWEkMVi8fPzs1gsVA3slQEAB05969Hr9Wq1mnP/RKFQ6PV6RiXn7sHs7KxMJqO2a9hFMXtlFy5coDY9MAxj759wbkwJ2Ll7966fnx99z4q+VzY0NETW8+2VUXb4/OezL+wqI84JCQltbW2hoaGUHQq+vTKGBb7pMO4CXyRFfkquE4IgSktLMQyrrKy0Wq30BlartaKiAsOw0tJSyjFOBxgG2cuM0we+vTL6smF0FO8qQRB37txRKpVnzpyRSqW9vb1kJeyVAQAbBzmmt7c3MzPzt99+s1qtZrO5pKQkOzub8191fX19amqqwWAYHR0l/zPIZ1On0yUkJPAVCYIoKSnJyckxm81GozE5OfnYsWPEf38s8vPzR0dHjUZjUlKSVqsl25eWlqalpRmNxvHx8YaGhrq6Ooc5htNOampqSUmJxWIxmUwajYbqkp+fn5ubOzQ0ZDQaExMT6TmG0w6n/3z2BVzFcTwgIIB+/HBtbW1iYmJ2djZVQ39iwR6X805xTod9Fyh/GBY4T7PmXCcEQRQWFlL5jNN4YWEhec1wgM8ge5mJyTGct4kRXvGuEgRRVlZWUFBAEMSnn36anp7O1wsAAAc5ZmZmRqvVxsXFBQYGKhSKwsJCi8XC+a96dna2qqpKJpMFBQXl5uYy/jNIZ+/evTU1NXxFgiBwHN+1a5dMJlOr1VqtdnZ2lvjvr8bBgwcp8Zj79++T7e12e0VFhVqtXrZsWVZW1uDgoMMvBw0NDWw7AwMDGRkZGIbFx8cfO3aM6mKxWLKzszEMi46OPnjwID03cNrh9J/PvoCrBEFotdply5adPHmSLJLbgFSR/dSaMS7nneKcDvsucA7BV+RcJ2xrAjAc4DPIXmYOcwzfsiFY4RVJd3c3hmHkdyO73R4dHd3U1OSUBQB4fHBur8wjxMXFdXZ28hX5EN60WTD6+voUCoWvRsdxPCgoiPEOlTtQ0xF5Fxh48Ka45oBDHpFlAwCPLT7Q9vegqv/Co9frnT2gzIN4/BQDajo+vws+dwAAAG/gs/Nj/o/45JNPIiMjc3JyBgcHa2pqamtrfeIGeYrB9u3b3bTjqek8fPiwo6NDrVa76Q8AAIsZX3+REosPNz10Ol1ycnJgYGBsbOzRo0d94gNBEIGBgXl5eeyfJTqLp6ZTXFwslUrPnz/vpj9eBfbKAMC3eP6sZQAAAAAg8fE5mAAAAMAiBnIMAAAA4C0gxwAAAADeAnIMAAAA4C0gxwAAAADeAnIMAAAA4C0gxwAAAADeAnIMAAAA4C0gxwAAAADeAnIMAAAA4C0gxwAAAADeAnIMAAAA4C0gxwAAAADeAnIMAAAA4C0gxwAAAADe4n8i+oFuWpZGVgAAAABJRU5ErkJggg==) --- **Screenshot:** ![my1.alfaman.pro 
vulnerability](/twimages/screen-1160303.jpg) **Mirror:** [Click here to view the mirror](<http://1160303.openbounty.org/mirror/>) ### Coordinated Disclosure Timeline Vulnerability Reported:| 13 May, 2020 15:36 GMT ---|--- Vulnerability Verified:| 13 May, 2020 15:45 GMT Website Operator Notified:| 13 May, 2020 15:45 GMT a. Using the ISO 29147 guidelines| ![](/images/done.png) ---|--- b. Using publicly available security contacts| ![](/images/done.png) c. Using Open Bug Bounty notification framework| ![](/images/done.png) d. Using security contacts provided by the researcher| ![](/images/done.png) Public Report Published [without any technical details]:| 13 May, 2020 15:45 GMT