mbs.adventistas.org Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1163420

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[mbs.adventistas.org](<http://mbs.adventistas.org>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **g0bl1nsec**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**

**Screenshot:** ![mbs.adventistas.org vulnerability](/twimages/screen-1163420.jpg)

**Mirror:** [Click here to view the mirror](<http://1163420.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 17 May, 2020 11:31 GMT
---|---
Vulnerability Verified:| 17 May, 2020 11:43 GMT
Website Operator Notified:| 17 May, 2020 11:43 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 17 May, 2020 11:43 GMT