Open Bug Bounty ID: OBB-1166378
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
|---|---|
| Affected Website | jr-miller.com |
| Open Bug Bounty Program | Create your bounty program now. It's open and free. |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | g0bl1nsec |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL:
Screenshot: ![jr-miller.com vulnerability](/twimages/screen-1166378.jpg)
Coordinated Disclosure Timeline

| Event | Time |
|---|---|
| Vulnerability Reported | 19 May, 2020 19:48 GMT |
| Vulnerability Verified | 19 May, 2020 19:59 GMT |
| Website Operator Notified | 19 May, 2020 19:59 GMT |
| Public Report Published (without any technical details) | 19 May, 2020 19:59 GMT |

Website operator notification channels (each marked as done on the original page):
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher