
live-sudoku.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1163964

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[live-sudoku.com](<http://www.live-sudoku.com>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **g0bl1nsec**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**
Vulnerable URL:| Published only as an image on the original page; the URL text is not recoverable here.

**Screenshot:** /twimages/screen-1163964.jpg

**Mirror:** [Click here to view the mirror](<http://1163964.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 17 May, 2020 16:29 GMT
---|---
Vulnerability Verified:| 17 May, 2020 16:42 GMT
Website Operator Notified:| 17 May, 2020 16:42 GMT
a. Using the ISO 29147 guidelines| done
b. Using publicly available security contacts| done
c. Using Open Bug Bounty notification framework| done
d. Using security contacts provided by the researcher| done
Public Report Published [without any technical details]:| 17 May, 2020 16:42 GMT
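The report classifies the finding as CWE-79 in custom code and points to the OWASP XSS Prevention Cheat Sheet for remediation, but publishes no injection point. The following is an added example, not code from the affected site or from OWASP, that shows the cheat sheet's core rule on a hypothetical server-side template: encode untrusted input for the exact context it lands in. The reflected parameter, the payload and the function names are constructed for illustration; the JavaScript-string case also handles the edge case where a JSON-encoded string still carries a literal `</script>`.

```python
import html
import json

# Constructed sample input: a generic break-out payload, not one from this report.
PAYLOAD = '"><script>alert(1)</script>'


def render_unsafe(query):
    """The CWE-79 pattern: the request parameter is reflected verbatim."""
    return f"<p>Results for {query}</p>"


def render_html_body(query):
    """HTML body context: entity-encode & < > and quotes."""
    return f"<p>Results for {html.escape(query, quote=True)}</p>"


def render_html_attr(query):
    """Quoted attribute context: quote=True is what stops '"' from ending the value."""
    return f'<input name="q" value="{html.escape(query, quote=True)}">'


def js_string_literal(value):
    """JavaScript string context.

    json.dumps() yields a valid JS string literal, but it leaves '<', '>' and
    '&' untouched, so a value containing '</script>' would close the script
    element in the HTML parser before the JS parser ever sees it. Escaping
    those three as \\uXXXX keeps the literal identical to JS while making it
    inert to the HTML parser.
    """
    return (json.dumps(value)
            .replace("<", "\\u003c")
            .replace(">", "\\u003e")
            .replace("&", "\\u0026"))


def render_js_string(query):
    """Inline script that receives the parameter as a JS string."""
    return f"<script>var q = {js_string_literal(query)};</script>"


def js_literal_roundtrips(value):
    """Check that the extra escaping changed the encoding, not the value."""
    return json.loads(js_string_literal(value)) == value


if __name__ == "__main__":
    for name, render in (("unsafe", render_unsafe), ("body", render_html_body),
                         ("attr", render_html_attr), ("js", render_js_string)):
        print(f"{name:>6}: {render(PAYLOAD)}")
```

Only `render_unsafe` lets the payload's `<script>` reach the browser as a tag; the other three keep the template's own tag count. Encoding is chosen per sink, which is why a single "sanitize on input" step is not a substitute: the same string needs different treatment in a body, an attribute and a script block.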