
# abcommerces.com Cross Site Scripting vulnerability

## Description

Open Bug Bounty ID: OBB-1161213

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| | |
|---|---|
| Affected Website: | **[abcommerces.com](<https://www.abcommerces.com>)** |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **g0bl1nsec** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Vulnerable URL: | |

**Mirror:** [Click here to view the mirror](<http://1161213.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| | |
|---|---|
| Vulnerability Reported: | 14 May, 2020 12:58 GMT |
| Vulnerability Verified: | 14 May, 2020 13:06 GMT |
| Website Operator Notified: | 14 May, 2020 13:06 GMT |
| a. Using the ISO 29147 guidelines | ✓ |
| b. Using publicly available security contacts | ✓ |
| c. Using Open Bug Bounty notification framework | ✓ |
| d. Using security contacts provided by the researcher | ✓ |
| Public Report Published [without any technical details]: | 14 May, 2020 13:06 GMT |