Open Bug Bounty ID: OBB-1164678
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
|---|---|
| Affected Website | collegetuitioncompare.com |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | NUMAN |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL:
Screenshot: ![collegetuitioncompare.com vulnerability](/twimages/screen-1164678.jpg)
Coordinated Disclosure Timeline
| Event | Date |
|---|---|
| Vulnerability Reported | 18 May, 2020 10:19 GMT |
| Vulnerability Verified | 18 May, 2020 10:34 GMT |
| Website Operator Notified | 18 May, 2020 10:34 GMT |
| Public Report Published (without any technical details) | 18 May, 2020 10:34 GMT |

Website operator notification channels (all completed):
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher