Open Bug Bounty ID: OBB-1160332
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
|---|---|
| Affected Website | residentialpark-lozen.com |
| Open Bug Bounty Program | Create your bounty program now. It's open and free. |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | geeknik |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL: (rendered as an image on the original page; not reproduced here)
Coordinated Disclosure Timeline

| Event | Date |
|---|---|
| Vulnerability Reported | 13 May, 2020 15:45 GMT |
| Vulnerability Verified | 14 May, 2020 11:44 GMT |
| Website Operator Notified | 14 May, 2020 11:44 GMT |
| Public Report Published (without any technical details) | 14 May, 2020 11:44 GMT |

Website operator notification channels used (all marked as done on the original page):

      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher