Open Bug Bounty ID: OBB-1161163
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: northerngames.org
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: g0bl1nsec
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Screenshot: ![northerngames.org vulnerability](/twimages/screen-1161163.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 14 May, 2020 12:52 GMT
Vulnerability Verified: 14 May, 2020 13:00 GMT
Website Operator Notified: 14 May, 2020 13:00 GMT
      a. Using the ISO 29147 guidelines (done)
      b. Using publicly available security contacts (done)
      c. Using Open Bug Bounty notification framework (done)
      d. Using security contacts provided by the researcher (done)
Public Report Published [without any technical details]: 14 May, 2020 13:00 GMT