
# hanshartung.de Cross Site Scripting vulnerability

## Description

Open Bug Bounty ID: OBB-1161348

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](https://www.iso.org/standard/45170.html)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website | **[hanshartung.de](http://hanshartung.de)** |
| Vulnerable Application | Custom Code |
| Vulnerability Type | **[XSS (Cross Site Scripting)](https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\))** / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on **[ISO 29147](https://www.iso.org/standard/45170.html)** guidelines |
| Discovered and Reported by | **g0bl1nsec** |
| Remediation Guide | **[OWASP XSS Prevention Cheat Sheet](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md)** |

**Vulnerable URL:** (provided only as an image on the original page; not reproduced in text)

**HTTP POST data:** (provided only as an image on the original page; not reproduced in text)

**Screenshot:** ![hanshartung.de vulnerability](/twimages/screen-1161348.jpg)

**Mirror:** [Click here to view the mirror](http://1161348.openbounty.org/mirror/)

### Coordinated Disclosure Timeline

| Event | Date / Status |
|---|---|
| Vulnerability Reported | 14 May, 2020 13:20 GMT |
| Vulnerability Verified | 14 May, 2020 13:33 GMT |
| Website Operator Notified | 14 May, 2020 13:33 GMT |
| a. Using the ISO 29147 guidelines | Done |
| b. Using publicly available security contacts | Done |
| c. Using Open Bug Bounty notification framework | Done |
| d. Using security contacts provided by the researcher | Done |
| Public Report Published [without any technical details] | 14 May, 2020 13:33 GMT |