
customcookies.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1171879

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;

b. notified the website operator about its existence.

Affected Website:| **[customcookies.com](<http://customcookies.com>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **g0bl1nsec**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**
Vulnerable URL:| [image]

**Screenshot:** ![customcookies.com vulnerability](/twimages/screen-1171879.jpg)

**Mirror:** [Click here to view the mirror](<http://1171879.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 25 May, 2020 21:24 GMT
---|---
Vulnerability Verified:| 25 May, 2020 21:35 GMT
Website Operator Notified:| 25 May, 2020 21:35 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 25 May, 2020 21:35 GMT
Vulnerability Fixed:| 16 June, 2020 17:38 GMT