Open Bug Bounty ID: OBB-1166035
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: berlin-apple-reparatur24.de
Open Bug Bounty Program: none listed
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: geeknik
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL: not shown in text; the original page renders it only as an image, which is not reproduced here.
Screenshot: screen-1166035.jpg (hosted on the Open Bug Bounty report page)
Mirror: available from the Open Bug Bounty report page
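The report names the OWASP XSS Prevention Cheat Sheet as the remediation guide and classifies the application as custom code, but it deliberately withholds the vulnerable parameter and payload. The following Python is an added illustration, not code from the site or from the report: it puts the CWE-79 pattern (untrusted input concatenated straight into HTML) beside the cheat sheet's core fix, output encoding chosen per output context. The page text, the sample payload and the helper names are constructed for this demo.

```python
import html
import json

# Constructed sample input for the demo; the report does not disclose the real payload.
SAMPLE_INPUT = '"><script>alert(document.domain)</script>'


def render_unsafe(user_input: str) -> str:
    """CWE-79: the request parameter is reflected into the page without encoding."""
    return f'<p>Suchergebnisse für: {user_input}</p>'


def encode_for_html(value: str) -> str:
    """HTML body and quoted-attribute context (OWASP rules 1 and 2): escape & < > \" '."""
    return html.escape(value, quote=True)


def encode_for_js_string(value: str) -> str:
    """JavaScript string context (OWASP rule 3): JSON-encode, then also escape < > &
    so a '</script>' inside the value cannot terminate the enclosing script block."""
    encoded = json.dumps(value)
    return (encoded.replace("<", "\\u003c")
                   .replace(">", "\\u003e")
                   .replace("&", "\\u0026"))


def render_safe(user_input: str) -> str:
    """The same page, with each interpolation encoded for the context it lands in."""
    return (
        f'<p>Suchergebnisse für: {encode_for_html(user_input)}</p>\n'
        f'<input type="text" value="{encode_for_html(user_input)}">\n'
        f'<script>var lastQuery = {encode_for_js_string(user_input)};</script>'
    )


def contains_live_script(markup: str) -> bool:
    """Demo check: did the raw <script> tag from the input survive into the markup?"""
    return "<script>alert" in markup


if __name__ == "__main__":
    print("unsafe :", render_unsafe(SAMPLE_INPUT))
    print("safe   :", render_safe(SAMPLE_INPUT))
    print("script survives unsafe:", contains_live_script(render_unsafe(SAMPLE_INPUT)))
    print("script survives safe  :", contains_live_script(render_safe(SAMPLE_INPUT)))
```

The point the cheat sheet makes, and this shows, is that one encoder is not enough: HTML entity encoding protects the paragraph and the attribute, but a value dropped into a script block needs JavaScript string encoding, and `</script>` must be neutralised there as well. Input validation is a useful extra layer but does not replace output encoding.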
Coordinated Disclosure Timeline
Vulnerability Reported: 19 May, 2020 16:00 GMT
Vulnerability Verified: 19 May, 2020 16:13 GMT
Website Operator Notified: 19 May, 2020 16:13 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 19 May, 2020 16:13 GMT