Open Bug Bounty ID: OBB-1161056
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.
| Field | Value |
|---|---|
| Affected Website | controls-group.com |
| Open Bug Bounty Program | Create your bounty program now. It's open and free. |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | ChaitanyaM43 |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
| Export Vulnerability Data | Bugzilla Vulnerability Data; JIRA Vulnerability Data [ Configuration ]; Mantis Vulnerability Data; Splunk Vulnerability Data; XML Vulnerability Data [ XSD ] |
Vulnerable URL:
Screenshot: ![controls-group.com vulnerability](/twimages/screen-1161056.jpg)
Mirror: Click here to view the mirror
Coordinated Disclosure Timeline

| Event | Time / Status |
|---|---|
| Vulnerability Reported | 14 May, 2020 12:38 GMT |
| Vulnerability Verified | 14 May, 2020 12:54 GMT |
| Website Operator Notified | 14 May, 2020 12:54 GMT |
| a. Using the ISO 29147 guidelines | ![done](/images/done.png) |
| b. Using publicly available security contacts | ![done](/images/done.png) |
| c. Using Open Bug Bounty notification framework | ![done](/images/done.png) |
| d. Using security contacts provided by the researcher | ![done](/images/done.png) |
| Public Report Published [without any technical details] | 14 May, 2020 12:54 GMT |