
yourkeylessremote.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1160412

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;

b. notified the website operator about its existence.

Affected Website:| **[yourkeylessremote.com](<http://yourkeylessremote.com>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **geeknik**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**

**Screenshot:** ![yourkeylessremote.com vulnerability](/twimages/screen-1160412.jpg)

**Mirror:** [Click here to view the mirror](<http://1160412.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 13 May, 2020 16:13 GMT
---|---
Vulnerability Verified:| 13 May, 2020 16:24 GMT
Website Operator Notified:| 13 May, 2020 16:24 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 13 May, 2020 16:24 GMT