
sokol-fitnes.com.ua Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1170421

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website: | **[sokol-fitnes.com.ua](<http://sokol-fitnes.com.ua>)** |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **geeknik** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Vulnerable URL: | Withheld from the public report (published without technical details) |

**Screenshot:** ![sokol-fitnes.com.ua vulnerability](/twimages/screen-1170421.jpg)

**Mirror:** [Click here to view the mirror](<http://1170421.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Event | Time |
|---|---|
| Vulnerability Reported: | 23 May, 2020 16:54 GMT |
| Vulnerability Verified: | 23 May, 2020 17:10 GMT |
| Website Operator Notified: | 23 May, 2020 17:10 GMT |
| Public Report Published [without any technical details]: | 23 May, 2020 17:10 GMT |

Website operator notification channels used (all completed):

| Channel | Status |
|---|---|
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |