Open Bug Bounty ID: OBB-1162388
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: kimjoyfox.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: Teamhash
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Coordinated Disclosure Timeline
Vulnerability Reported: 16 May, 2020 07:34 GMT
Vulnerability Verified: 16 May, 2020 07:47 GMT
Website Operator Notified: 16 May, 2020 07:47 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 16 May, 2020 07:47 GMT
Vulnerability Fixed: 13 June, 2020 14:51 GMT