pastposters.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1171334

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website | **[pastposters.com](<https://www.pastposters.com>)** |
| Vulnerable Application | Custom Code |
| Vulnerability Type | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)>)** / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by | **10Harshjoshi** |
| Remediation Guide | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Vulnerable URL | (provided only as an image on the original page; not reproduced here) |

**Screenshot:** ![pastposters.com vulnerability](/twimages/screen-1171334.jpg)

**Mirror:** [Click here to view the mirror](<http://1171334.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Event | Date |
|---|---|
| Vulnerability Reported | 25 May, 2020 09:13 GMT |
| Vulnerability Verified | 25 May, 2020 09:24 GMT |
| Website Operator Notified | 25 May, 2020 09:24 GMT |
| Public Report Published [without any technical details] | 25 May, 2020 09:24 GMT |
| Vulnerability Fixed | 19 June, 2020 19:36 GMT |

Website operator notification was performed (all steps marked done):

a. Using the ISO 29147 guidelines
b. Using publicly available security contacts
c. Using the Open Bug Bounty notification framework
d. Using security contacts provided by the researcher