
thaiopencode.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1174625

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[thaiopencode.com](<https://www.thaiopencode.com>)**
---|---
Open Bug Bounty Program:| **Create your bounty program now**. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **g0bl1nsec**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**
Vulnerable URL:| [image]

**Screenshot:** ![thaiopencode.com vulnerability](/twimages/screen-1174625.jpg)

**Mirror:** [Click here to view the mirror](<http://1174625.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 27 May, 2020 20:59 GMT
---|---
Vulnerability Verified:| 27 May, 2020 21:07 GMT
Website Operator Notified:| 27 May, 2020 21:07 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 27 May, 2020 21:07 GMT