cablechick.com.au Cross Site Scripting vulnerability

2020-05-21T19:37:00

Description

Open Bug Bounty ID: OBB-1167887 Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence. Affected Website:| **[cablechick.com.au](<https://www.cablechick.com.au>) ** ---|--- Open Bug Bounty Program:| **Create your bounty program now**. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines Discovered and Reported by:| **g0bl1nsec ** Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** Export Vulnerability Data:| Bugzilla Vulnerability Data JIRA Vulnerability Data [ Configuration ] Mantis Vulnerability Data Splunk Vulnerability Data XML Vulnerability Data [ XSD ] Vulnerable URL: ![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAA3CAIAAABVZQ1/AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAOrUlEQVR4nO3db0wT5x8A8BMrVigipa0IOMAwJMSwxrGOZWgMmsWRhlSHbjNs1kgQDTLSIaPMbIxk6FBc5hayLMzofDFfLMQQYtjC2FYZccq6o1bEDg0UKN0CjLKKpRTv9+LJLve7fz1oD5F+P6/6XJ/nnu/3uef6cAc9VhAEgQEAAAAiCHvSAQAAAFi2YI0BAAAgFlhjAAAAiAXWGAAAAGKBNQYAAIBYYI0BAAAglqW7xqSkpPT09HAVwbIUmkc5NLMGIWKJrjG3b99+/Pjxc889x1oEy1JoHuXQzBqEDj9rzODgYFRUFOtbLpfr1KlTXMUAtbS05OfncxWXGq5R4hk9kXa44B6XAvIo//PPP4cOHVIqlQkJCe+9997s7OxihjHfMQxwzIMytwXG4PckJfczODgYExMTYFTzEqwUloKnIshFs/DrmMnJybq6Oq5igJ6uNWbRJCUljY2NPekoxEIeZb1e7/V6cRzv6Ojo6ur64IMPnnRoIgrK3BY4MYJ7kgbXMkiB9FQEuWiW4r2y0dFRm822Y8cO1mKIW7169ZMOQRTkUX706JHZbP7qq68SEhI2b9587ty577777klHx0cikaSlpS2sbRDndlAmBplLIEkt2HKd2yFO0Brz2WefpaSkxMbGvvXWWy6XC8Mwl8uVnJzsdrtXrFhx6dIlavHcuXNRUVFnzpxZv359TEzMwYMHHz16hPZz69atbdu2RUVFJSQkvPbaa3fv3mXtrqWl5ZVXXlm1ahWtuGfPnjNnzqCNPT09q1evRsFgGHbkyJETJ07wV3j22Wf5m9PCmJubMxqN69evj4yM3Ldv3/j4OErhpZdeWrNmjVKp3Ldv38jICFn/k08+YaZMNTMzc/jw4aioqKSkpA8//HBubo6nI9Zhp91P4GqI3LlzJzY29vr168xIWBs+fPjwyJEjSqVy48aNH330EQoP9djQ0JCSkhIZGfn666+Pj4+fOHFCqVTGxsYeOnTo4cOHzP2zjhIteNrdGPIor1mzZmhoKDIyEm3v7++Pj4/HuCcP66jyBHDq1CmlUrlhw4avv/56XoPPJSEh4ffffyeL33//PU9lWgXqVOdKkBkhMxHq2KLXzBOQds6yxknmkpCQ8Ntvvy0gI9YsREqBNTautqxHP5A5LzzIEOd/jXG73TiOd3V13bx50+FwVFVVYRgWHR3d19cnk8k8Hk9hYSG1uGfPHrfbffPmze7u7u7ubrPZXF9fj3al1Wr1er3dbu/s7MzJyZFKpaw9ct0o02q17e3taGNra+vjx4/b2tpQsb29PS8vj7+CTqfjb04Lo76+vr29vb293WazxcfH9/b2YhhmNpuLi4udTqfVak1MTCwtLSVHqfs/1JSpamtrp6enLRZLW1ubyWT68ssveTpiHXYhESIul2vv3r2nT5/etm2bwIZlZWUOh8NsNre1tbW0tDQ2NpKp4Tje2dmJ47jD4UhPTx8bG7NYLDdu3BgYGKiurmbun2uUeLDeMrp3715FRcXZs2cx7snDOqo8h6mvr89qtV68eDEnJ2cBg69koMWs1+t37txJXXVIt27d2rlzp16vZ82aK0GuCGmJULGegLRzlifOQDJizUKkFLhi4/r8YfYY4JwXGGSoI3gNDAxgGDY1NYWKXV1dmzZtIt+SyWTUmqiImtjtdrS9ubk5KyuLIIiJiQmJROLxeJi92O325ORk9NrtdstksomJCWbR4XBERESgPWg0GoPBcODAAdTj2rVrvV4vfwW73c7fnBaVSqUym808g9Pf3x8XF8eTMm2IFAqF2+1Gr3Ec12g0XB1xDTtth6wNUYW8vLxjx45xRc5s6PP5ZDLZgwcPULGlpSU7O5uMZHJyEm3v7OwMCwubnp4mA0tNTeUZItoo0SbMunXr0GvaQUeGh4c3bdp05coVgnfycI0qawAYhtF6ET74ZFQ0tO7cbnddXZ1cLt+/f7/NZkMbbTbb/v375XJ5XV0dGS01a54EuSKkJkIdW67ZSKvGGicr4RlxZSFSCqyx8ZyMtB4DnPPCgwxx/tcYrs8FnjVGKpWS23t7e1UqFXr9xhtvqNVqg8Fw9uzZn3/+mazj8/kcDgd63dzcnJubS75FK6rV6o6ODqfTmZiYODk5qVKpfD5fU1PT3r17hVTw25w0OTkpkUh8Ph9tu9ls3rVrV3x8vEKhkMvlaDS4UqYO0cTEBIZhiv/I5XJUh7UjrmGnbudpWF1dHRYWduHCBYINa0OHwxEeHk4WbTab34WBWfQ7Sly7oh1lJDs7+/z582SRdfJwjaqQAPjH0G+O/CYmJnQ6nUQiQUWJRKLT6ciPLdasWRMUEiHB+IDmOgGZDWlxBpgRaxZip0CLTcjJiAQ45+cbZMha1N/5f/vtt01NTZmZmV6v12AwHD9+HG1fuXLlhg0b0Gv+vyjLy8trb29vbW3VarXR0dFqtdpkMlHvdPFX8NucZuXKlbQtOp1u+/btJpMJx/Fr164Jz93j8YSFhXV3d+M4juO4xWLBcZynI4GYDaenp5ubm69cuVJVVcXzi4QF9yjEfEeJeaNsdHTUYrGQMwTjmDxcozqvAOY1FH7vlWEYdv/+/dLSUpPJVFtbi7bU1taaTKZjx47dv3+fK2uus2O+EQrHjFN4TdaMMN5zXIwUWGMDSwv/ErSw6xiMcgl59epV8hKSCsfxxMRE2kafz6dQKMirV1qRIIiuri6NRpOfn3/t2jWCIBobG8vKyuLi4sjLIP4KfptTqVQqHMepW/7++2/qT3w4jpM/0bCmTBsimUzGevON2ZGQ6xiuhhKJpLe3lyAIrVZbWlrK7I61Ic99g/lex3CN0tTUVFhYGHkPqrOzE21nHmW0kbaFijp5mKPKc5iYP10KH3zE772ykpISmUxmMBjGxsao28fGxsrLy2UyWUlJCVfWrAn6jZBgXARwnYDUalxxMgnMiCcLkVJgjU3gyUgEPOeFBxniFr7GuN1uiURC3p8li2joCwoKhoeHrVarWq2uqakhCKK3t3f37t0dHR1jY2N2u72oqEir1ZJ7RvdwTSbTli1byI20IqJSqVQqFao/PDy8du1atVotvAL/u9RbyXV1dRqNxmKxDA8Pox+UUPPGxsbJyUmbzabT6aizjZny1NSURCLp6+tDNwpKSkqys7OtVqvD4aivr6+treXqSOAaw9+wr69PKpVaLBaBqRUVFeXn59vtdqvVunXrVnSfSvgaQ90/6ygRBKHRaIqKipxOp81my8nJQdtZjzJthzyTh3VUuQ4T88wXPvgCFRYWDgwMcL07MDBQWFjIzJonQb8REmwf0MzZSPz/Ocsf5wIy4slCpBRYY+Nqy3r0A5nzwoMMcQtfYwiCqKmpiYiIuHjxIrXY0NAgk8lOnz6tUqnWrVv39ttvo1+Xeb3empqatLS08PBwlUpVWFjodDppvVRUVFRXV5P7pxWRAwcOFBQUkMWsrCxaHf4KPO/SkvX5fJWVlQqFQiqV6nQ69IOSyWTKysqSSqVxcXEGg4H64VVfX09LmSCIqqoqcog8Hk95eXliYmJEREReXh71co3WkcA1xm/DsrKy7du3C0zN7XYXFxcrFIrExMSamhq0Lgo/36jVWEeJIIj+/v7c3FyZTJaRkXH+/Hm0nfUo0zrimTyso8pzmGgdCR/84KJlzZOg3wgJxgc06wmI0M7Z4OLKYjFT4GrLevQDn/NPZJyfLn7WmAUI5DoxLS3txo0bXEWwLIXmURYv62VwoyaQFBYt/WUwzotDsni/+RHg3r17PEWwLIXmUQ7NrEEI8v93ZT09PUePHuV6d3Z29s033/zrr78E9gePMQcAgNDhf43R6/XJyclc765atSo8PLyiokJIZ/AYcwAACCkrCILgeXt8fFylUk1PT5OPq5uZmdHr9a2trf/++y/a8scff+Tl5Y2Ojvrt7OOPP3Y6nZ9//nkgEQ8ODm7ZsoXsnYvL5WpsbDQajYH0BQAAIBB+rmPcbndERAR1gdm9e7fP56PWkcvlbrdbSGfwGHMAAAgp8/uev9Pp3LVrF3pG4XwttceYAwAAENv81pikpKT3339feP2l/BhzAAAAYhPreWVP6WPMAQAABBP/12dYv2fE9aQy5Kl+jDkAAIAgCv51TEZGhtfrffDggdFoJP+b4Q8//KDRaND/PYyJiSkoKMjOzn733XcbGhp++eUXVMflck1MTGRmZtJ2KJPJqP8wkUYqlW7cuBG9Tk9Pt9vtzDqRkZFGo7G/v9/r9WZkZASeIwAAACGCv8Y87Y8xBwAAECzBX2OMRqPNZlOpVGq1Gj0gYG5urrW1lfZXy88///zBgweNRuOFCxeuXr2KYVh0dLRcLp/vUwA8Hs/Q0BB6bbPZnnnmGWado0ePqtXquLg4m80G35gBAIBF42eNCQsLo30bhsnn80kk//fcs9jY2E8//dRqtaLvzXR1dcXFxaWkpKB37969++qrr/7000/j4+NDQ0NffPGFWq1Gb5WXlxcXF9++fXtkZOT48ePXr18XkoPBYBgZGblz505NTY1Wq0UbFQqFx+P5888/MQxzu91Wq7WhoSE2NlbIDgEAAASFnzVGpVJhGIY+qbngOM569ZCUlHT58mWMcaMsNTU1Ozu7pKQkPj4+KyvL4/E0NTWhtyorK3fs2JGbm5uamjo8PCzkdycymSwrK2vr1q05OTmZmZmVlZVoe2Rk5MmTJ9Vq9aVLly5fvpyUlOR3VwAAAILLz7NkMAx75513rFbrjz/+yPruzMxMenr6yZMnDx8+zLWHzZs3f/PNNy+++GJAkbIR+FwZAAAAT4T/NWZ2dhbH8RdeeIGrwq+//vryyy8HOzBBYI0BAIClzP8as5TBGgMAAEuZWN/zBwAAAJ7u6xgAAABLGVzHAAAAEAusMQAAAMQCawwAAACxwBoDAABALLDGAAAAEAusMQAAAMQCawwAAACxwBoDAABALLDGAAAAEAusMQAAAMQCawwAAACxwBoDAABALLDGAAAAEAusMQAAAMQCawwAAACx/A+4mnkYz/exSAAAAABJRU5ErkJggg==) --- **Screenshot:** ![cablechick.com.au vulnerability](/twimages/screen-1167887.jpg) **Mirror:** [Click here to view the mirror](<http://1167887.openbounty.org/mirror/>) ### Coordinated Disclosure Timeline Vulnerability Reported:| 21 May, 2020 19:37 GMT ---|--- Vulnerability Verified:| 21 May, 2020 19:46 GMT Website Operator Notified:| 21 May, 2020 19:46 GMT a. Using the ISO 29147 guidelines| ![](/images/done.png) ---|--- b. Using publicly available security contacts| ![](/images/done.png) c. Using Open Bug Bounty notification framework| ![](/images/done.png) d. Using security contacts provided by the researcher| ![](/images/done.png) Public Report Published [without any technical details]:| 21 May, 2020 19:46 GMT

{"id": "OBB:1167887", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "cablechick.com.au Cross Site Scripting vulnerability ", "description": " \n\n\nOpen Bug Bounty ID: OBB-1167887\n\nFollowing coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: \n\n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; \n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence.\n\nAffected Website:| **[cablechick.com.au](<https://www.cablechick.com.au>) ** \n---|--- \nOpen Bug Bounty Program:| **Create your bounty program now**. It's open and free. \nVulnerable Application:| Custom Code \nVulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\\(XSS\\)>)** / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines \nDiscovered and Reported by:| **g0bl1nsec ** \nRemediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** \nExport Vulnerability Data:| Bugzilla Vulnerability Data \nJIRA Vulnerability Data [ Configuration ] \nMantis Vulnerability Data \nSplunk Vulnerability Data \nXML Vulnerability Data [ XSD ] \n \nVulnerable URL:\n\n![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAA3CAIAAABVZQ1/AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAOrUlEQVR4nO3db0wT5x8A8BMrVigipa0IOMAwJMSwxrGOZWgMmsWRhlSHbjNs1kgQDTLSIaPMbIxk6FBc5hayLMzofDFfLMQQYtjC2FYZccq6o1bEDg0UKN0CjLKKpRTv9+LJLve7fz1oD5F+P6/6XJ/nnu/3uef6cAc9VhAEgQEAAAAiCHvSAQAAAFi2YI0BAAAgFlhjAAAAiAXWGAAAAGKBNQYAAIBYYI0BAAAglqW7xqSkpPT09HAVwbIUmkc5NLMGIWKJrjG3b99+/Pjxc889x1oEy1JoHuXQzBqEDj9rzODgYFRUFOtbLpfr1KlTXMUAtbS05OfncxWXGq5R4hk9kXa44B6XAvIo//PPP4cOHVIqlQkJCe+9997s7OxihjHfMQxwzIMytwXG4PckJfczODgYExMTYFTzEqwUloKnIshFs/DrmMnJybq6Oq5igJ6uNWbRJCUljY2NPekoxEIeZb1e7/V6cRzv6Ojo6ur64IMPnnRoIgrK3BY4MYJ7kgbXMkiB9FQEuWiW4r2y0dFRm822Y8cO1mKIW7169ZMOQRTkUX706JHZbP7qq68SEhI2b9587ty577777klHx0cikaSlpS2sbRDndlAmBplLIEkt2HKd2yFO0Brz2WefpaSkxMbGvvXWWy6XC8Mwl8uVnJzsdrtXrFhx6dIlavHcuXNRUVFnzpxZv359TEzMwYMHHz16hPZz69atbdu2RUVFJSQkvPbaa3fv3mXtrqWl5ZVXXlm1ahWtuGfPnjNnzqCNPT09q1evRsFgGHbkyJETJ07wV3j22Wf5m9PCmJubMxqN69evj4yM3Ldv3/j4OErhpZdeWrNmjVKp3Ldv38jICFn/k08+YaZMNTMzc/jw4aioqKSkpA8//HBubo6nI9Zhp91P4GqI3LlzJzY29vr168xIWBs+fPjwyJEjSqVy48aNH330EQoP9djQ0JCSkhIZGfn666+Pj4+fOHFCqVTGxsYeOnTo4cOHzP2zjhIteNrdGPIor1mzZmhoKDIyEm3v7++Pj4/HuCcP66jyBHDq1CmlUrlhw4avv/56XoPPJSEh4ffffyeL33//PU9lWgXqVOdKkBkhMxHq2KLXzBOQds6yxknmkpCQ8Ntvvy0gI9YsREqBNTautqxHP5A5LzzIEOd/jXG73TiOd3V13bx50+FwVFVVYRgWHR3d19cnk8k8Hk9hYSG1uGfPHrfbffPmze7u7u7ubrPZXF9fj3al1Wr1er3dbu/s7MzJyZFKpaw9ct0o02q17e3taGNra+vjx4/b2tpQsb29PS8vj7+CTqfjb04Lo76+vr29vb293WazxcfH9/b2YhhmNpuLi4udTqfVak1MTCwtLSVHqfs/1JSpamtrp6enLRZLW1ubyWT68ssveTpiHXYhESIul2vv3r2nT5/etm2bwIZlZWUOh8NsNre1tbW0tDQ2NpKp4Tje2dmJ47jD4UhPTx8bG7NYLDdu3BgYGKiurmbun2uUeLDeMrp3715FRcXZs2cx7snDOqo8h6mvr89qtV68eDEnJ2cBg69koMWs1+t37txJXXVIt27d2rlzp16vZ82aK0GuCGmJULGegLRzlifOQDJizUKkFLhi4/r8YfYY4JwXGGSoI3gNDAxgGDY1NYWKXV1dmzZtIt+SyWTUmqiImtjtdrS9ubk5KyuLIIiJiQmJROLxeJi92O325ORk9NrtdstksomJCWbR4XBERESgPWg0GoPBcODAAdTj2rVrvV4vfwW73c7fnBaVSqUym808g9Pf3x8XF8eTMm2IFAqF2+1Gr3Ec12g0XB1xDTtth6wNUYW8vLxjx45xRc5s6PP5ZDLZgwcPULGlpSU7O5uMZHJyEm3v7OwMCwubnp4mA0tNTeUZItoo0SbMunXr0GvaQUeGh4c3bdp05coVgnfycI0qawAYhtF6ET74ZFQ0tO7cbnddXZ1cLt+/f7/NZkMbbTbb/v375XJ5XV0dGS01a54EuSKkJkIdW67ZSKvGGicr4RlxZSFSCqyx8ZyMtB4DnPPCgwxx/tcYrs8FnjVGKpWS23t7e1UqFXr9xhtvqNVqg8Fw9uzZn3/+mazj8/kcDgd63dzcnJubS75FK6rV6o6ODqfTmZiYODk5qVKpfD5fU1PT3r17hVTw25w0OTkpkUh8Ph9tu9ls3rVrV3x8vEKhkMvlaDS4UqYO0cTEBIZhiv/I5XJUh7UjrmGnbudpWF1dHRYWduHCBYINa0OHwxEeHk4WbTab34WBWfQ7Sly7oh1lJDs7+/z582SRdfJwjaqQAPjH0G+O/CYmJnQ6nUQiQUWJRKLT6ciPLdasWRMUEiHB+IDmOgGZDWlxBpgRaxZip0CLTcjJiAQ45+cbZMha1N/5f/vtt01NTZmZmV6v12AwHD9+HG1fuXLlhg0b0Gv+vyjLy8trb29vbW3VarXR0dFqtdpkMlHvdPFX8NucZuXKlbQtOp1u+/btJpMJx/Fr164Jz93j8YSFhXV3d+M4juO4xWLBcZynI4GYDaenp5ubm69cuVJVVcXzi4QF9yjEfEeJeaNsdHTUYrGQMwTjmDxcozqvAOY1FH7vlWEYdv/+/dLSUpPJVFtbi7bU1taaTKZjx47dv3+fK2uus2O+EQrHjFN4TdaMMN5zXIwUWGMDSwv/ErSw6xiMcgl59epV8hKSCsfxxMRE2kafz6dQKMirV1qRIIiuri6NRpOfn3/t2jWCIBobG8vKyuLi4sjLIP4KfptTqVQqHMepW/7++2/qT3w4jpM/0bCmTBsimUzGevON2ZGQ6xiuhhKJpLe3lyAIrVZbWlrK7I61Ic99g/lex3CN0tTUVFhYGHkPqrOzE21nHmW0kbaFijp5mKPKc5iYP10KH3zE772ykpISmUxmMBjGxsao28fGxsrLy2UyWUlJCVfWrAn6jZBgXARwnYDUalxxMgnMiCcLkVJgjU3gyUgEPOeFBxniFr7GuN1uiURC3p8li2joCwoKhoeHrVarWq2uqakhCKK3t3f37t0dHR1jY2N2u72oqEir1ZJ7RvdwTSbTli1byI20IqJSqVQqFao/PDy8du1atVotvAL/u9RbyXV1dRqNxmKxDA8Pox+UUPPGxsbJyUmbzabT6aizjZny1NSURCLp6+tDNwpKSkqys7OtVqvD4aivr6+treXqSOAaw9+wr69PKpVaLBaBqRUVFeXn59vtdqvVunXrVnSfSvgaQ90/6ygRBKHRaIqKipxOp81my8nJQdtZjzJthzyTh3VUuQ4T88wXPvgCFRYWDgwMcL07MDBQWFjIzJonQb8REmwf0MzZSPz/Ocsf5wIy4slCpBRYY+Nqy3r0A5nzwoMMcQtfYwiCqKmpiYiIuHjxIrXY0NAgk8lOnz6tUqnWrVv39ttvo1+Xeb3empqatLS08PBwlUpVWFjodDppvVRUVFRXV5P7pxWRAwcOFBQUkMWsrCxaHf4KPO/SkvX5fJWVlQqFQiqV6nQ69IOSyWTKysqSSqVxcXEGg4H64VVfX09LmSCIqqoqcog8Hk95eXliYmJEREReXh71co3WkcA1xm/DsrKy7du3C0zN7XYXFxcrFIrExMSamhq0Lgo/36jVWEeJIIj+/v7c3FyZTJaRkXH+/Hm0nfUo0zrimTyso8pzmGgdCR/84KJlzZOg3wgJxgc06wmI0M7Z4OLKYjFT4GrLevQDn/NPZJyfLn7WmAUI5DoxLS3txo0bXEWwLIXmURYv62VwoyaQFBYt/WUwzotDsni/+RHg3r17PEWwLIXmUQ7NrEEI8v93ZT09PUePHuV6d3Z29s033/zrr78E9gePMQcAgNDhf43R6/XJyclc765atSo8PLyiokJIZ/AYcwAACCkrCILgeXt8fFylUk1PT5OPq5uZmdHr9a2trf/++y/a8scff+Tl5Y2Ojvrt7OOPP3Y6nZ9//nkgEQ8ODm7ZsoXsnYvL5WpsbDQajYH0BQAAIBB+rmPcbndERAR1gdm9e7fP56PWkcvlbrdbSGfwGHMAAAgp8/uev9Pp3LVrF3pG4XwttceYAwAAENv81pikpKT3339feP2l/BhzAAAAYhPreWVP6WPMAQAABBP/12dYv2fE9aQy5Kl+jDkAAIAgCv51TEZGhtfrffDggdFoJP+b4Q8//KDRaND/PYyJiSkoKMjOzn733XcbGhp++eUXVMflck1MTGRmZtJ2KJPJqP8wkUYqlW7cuBG9Tk9Pt9vtzDqRkZFGo7G/v9/r9WZkZASeIwAAACGCv8Y87Y8xBwAAECzBX2OMRqPNZlOpVGq1Gj0gYG5urrW1lfZXy88///zBgweNRuOFCxeuXr2KYVh0dLRcLp/vUwA8Hs/Q0BB6bbPZnnnmGWado0ePqtXquLg4m80G35gBAIBF42eNCQsLo30bhsnn80kk//fcs9jY2E8//dRqtaLvzXR1dcXFxaWkpKB37969++qrr/7000/j4+NDQ0NffPGFWq1Gb5WXlxcXF9++fXtkZOT48ePXr18XkoPBYBgZGblz505NTY1Wq0UbFQqFx+P5888/MQxzu91Wq7WhoSE2NlbIDgEAAASFnzVGpVJhGIY+qbngOM569ZCUlHT58mWMcaMsNTU1Ozu7pKQkPj4+KyvL4/E0NTWhtyorK3fs2JGbm5uamjo8PCzkdycymSwrK2vr1q05OTmZmZmVlZVoe2Rk5MmTJ9Vq9aVLly5fvpyUlOR3VwAAAILLz7NkMAx75513rFbrjz/+yPruzMxMenr6yZMnDx8+zLWHzZs3f/PNNy+++GJAkbIR+FwZAAAAT4T/NWZ2dhbH8RdeeIGrwq+//vryyy8HOzBBYI0BAIClzP8as5TBGgMAAEuZWN/zBwAAAJ7u6xgAAABLGVzHAAAAEAusMQAAAMQCawwAAACxwBoDAABALLDGAAAAEAusMQAAAMQCawwAAACxwBoDAABALLDGAAAAEAusMQAAAMQCawwAAACxwBoDAABALLDGAAAAEAusMQAAAMQCawwAAACx/A+4mnkYz/exSAAAAABJRU5ErkJggg==) \n--- \n \n**Screenshot:** ![cablechick.com.au vulnerability](/twimages/screen-1167887.jpg)\n\n**Mirror:** [Click here to view the mirror](<http://1167887.openbounty.org/mirror/>)\n\n### Coordinated Disclosure Timeline\n\nVulnerability Reported:| 21 May, 2020 19:37 GMT \n---|--- \nVulnerability Verified:| 21 May, 2020 19:46 GMT \nWebsite Operator Notified:| 21 May, 2020 19:46 GMT \na. Using the ISO 29147 guidelines| ![](/images/done.png) \n---|--- \nb. Using publicly available security contacts| ![](/images/done.png) \nc. Using Open Bug Bounty notification framework| ![](/images/done.png) \nd. Using security contacts provided by the researcher| ![](/images/done.png) \nPublic Report Published \n[without any technical details]:| 21 May, 2020 19:46 GMT\n", "published": "2020-05-21T19:37:00", "modified": "2020-08-19T19:37:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/1167887/", "reporter": "g0bl1nsec", "references": [], "cvelist": [], "lastseen": "2020-08-20T01:04:08", "viewCount": 8, "enchantments": {"dependencies": {}, "score": {"value": 0.6, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.6}, "openbugbounty": {"patchStatus": "unpatched", "mirror": "http://1167887.openbounty.org/mirror/"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645526904, "score": 1684000741, "epss": 1678948511}, "_internal": {"score_hash": "5d83ac9a978138f081a23a1f7e00c661"}}