louisianabaptists.org Cross Site Scripting vulnerability OBB-1167928

Description

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[louisianabaptists.org](<https://louisianabaptists.org>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **g0bl1nsec**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**

**Screenshot:** ![louisianabaptists.org vulnerability](/twimages/screen-1167928.jpg)

**Mirror:** [Click here to view the mirror](<http://1167928.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 21 May, 2020 19:43 GMT
---|---
Vulnerability Verified:| 21 May, 2020 19:57 GMT
Website Operator Notified:| 21 May, 2020 19:57 GMT

a. Using the ISO 29147 guidelines| ![](/images/done.png)
---|---
b. Using publicly available security contacts| ![](/images/done.png)
c. Using Open Bug Bounty notification framework| ![](/images/done.png)
d. Using security contacts provided by the researcher| ![](/images/done.png)

Public Report Published [without any technical details]:| 21 May, 2020 19:57 GMT
---|---