
serresparatiritis.gr Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1161017

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Affected Website: | **[serresparatiritis.gr](<http://serresparatiritis.gr>)** |
|---|---|
| Open Bug Bounty Program: | **Create your bounty program now**. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **g0bl1nsec** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Export Vulnerability Data: | Bugzilla, JIRA, Mantis, Splunk, XML |
| Vulnerable URL: | (provided only as an image on the original page) |

**Screenshot:** ![serresparatiritis.gr vulnerability](/twimages/screen-1161017.jpg)

**Mirror:** [Click here to view the mirror](<http://1161017.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Vulnerability Reported: | 14 May, 2020 12:33 GMT |
|---|---|
| Vulnerability Verified: | 14 May, 2020 12:44 GMT |
| Website Operator Notified: | 14 May, 2020 12:44 GMT |
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |
| Public Report Published [without any technical details]: | 14 May, 2020 12:44 GMT |