en.osjd.org Open Redirect vulnerability

2020-05-28T02:53:00

Description

Open Bug Bounty ID: OBB-1174847 Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence. Affected Website:| **[en.osjd.org](<http://en.osjd.org>) ** ---|--- Open Bug Bounty Program:| **Create your bounty program now**. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| **[Open Redirect](<https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet>)** / CWE-601 CVSSv3 Score:| 3.4 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N] Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines Discovered and Reported by:| **myNickName ** Remediation Guide:| **[OWASP Open Redirect Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.md>)** Export Vulnerability Data:| Bugzilla Vulnerability Data JIRA Vulnerability Data [ Configuration ] Mantis Vulnerability Data Splunk Vulnerability Data XML Vulnerability Data [ XSD ] Vulnerable URL: ![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAABLCAIAAAAphcDFAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAZV0lEQVR4nO2df0xb1/XAX12POsYQIMYQ4ibG3ViUIUpThmiWbiiKUkot5GZ0RZSmNEVJxCJKUZpRL8tYipKMEtplDGURrWgUdfmjIgxFEYpQllkRzQhzXep6DmMUHMe1iCHAXOoax+/7x1Xv9+29+64fDjYOOZ+/uJf7zj333B/H7773zn2IZVkGAAAAAKKAbLkVAAAAAFYs4GMAAACAaAE+BgAAAIgW4GMAAACAaAE+BgAAAIgW4GMAAACAaBEXPiY7O/uzzz4TS65U4raZcasYAMQ/MH14LL+P+fzzz0Oh0OOPP05MrlTitplxqxgAxD8wfYSE8TETExNJSUnEf83Ozh47dkwsKZ3e3t6ysjKxZAwgtnFiYiI1NTV6laJmUsy7XMShYnfu3Hn11VfT09PXrVv3q1/9amFhIa7UI0LRUPrQevbZZ//85z/j5I0bN5599tnVq1dnZGS89tprs7OzKH9qaurll19G9nnrrbcWFhYYhrl9+/ZLL720Zs2adevWvfHGG99++y2W8/e///2JJ55ITEx86qmnPv/8c16lEU/kRcGrRWguipXC9j69wFItXERiv3zFP5Hfx8zMzBw9elQsKZ1l9zEbNmzwer2xrJGJ47EYh4pVV1cHAgGr1Xr58uWBgYHDhw8vt0bhufdBdePGDYvFsmvXLpxTWlqq1WodDofFYvH7/fv27UP5u3btCoVCyD5Xrlw5cuQIylQoFDabzWw2Dw8PHzp0CMupqKhoampyuVwlJSW7d+/m1RvxRF4UsalFStVLq0kcTp/lh6UyPj6uUqmk/ItSkoLb7U5JSQkEAsTkMjI+Pp6SkhIl4biZkRktesShYvPz81qt1ufzoeTg4OD3v//9+FEvAiQOrdra2kOHDuGk3+9/77335ubmUHJ4eFir1bIs6/P5ZDLZzMwMyr969WpOTo7P51MoFDyjYVFqtdrlcrEse+HChby8PKF6MbBt2NWDYqWwGtILLMnCRSR+lq+4QtJ9zB/+8Ifs7Ow1a9a8/PLL6A59dnZWp9P5fL6HHnroww8/5Cbb2tqSkpLeeeedjIyM1NTUV1555ZtvvhGT3Nvbu2PHju9973vC5Lfffvvaa68lJSVt2LDht7/97d27d5nv7oJPnDiRnZ2dmpr60ksv4R0DLl9//fXevXvT09MfffTR3/3ud+ja69evP/3000lJSevWrfv5z3/+r3/9CxXGd9a3bt165plnkpKSfvjDH3700UdEhYmSkYRjx46lp6evXbv2/fffZxjmq6++eu6555KSkrKzs0+cOMG98ee1+ve//73QVtevX3/qqadWrVqVnp7+wgsv3Lp1i9J8ilkoZuQpHJ+KrVq16ubNm4mJieiq0dHRrKysGKhH1FDMbkJ42zVShhaX2dnZc+fO7d+/H+c88sgjr7/+OpK5sLBw9uzZbdu2MQzj9XqVSuXq1atRMa1WOzk5mZiY+M0332CjBQKBhIQELKq2tra0tPSXv/ylyWTiKcOb10R7Lmq0E3tZWAsF6TbnIVy1hFVLXLjElg4evOkDIML7GJ/PZ7VaBwYGBgcH3W53Y2MjwzCrV692OBwqlcrv91dVVXGTzz//vM/nGxwcHBoaGhoaslgsLS0tYsIpG2VHjhyZn58fHh7u6+szm82nTp3C+gwPDyN9nE6nyWQSiq2rq3O73RaLpa+vr7e3t6Ojg2EYg8FQXV3tdDqvXr26detWhULBu2r//v3Jycl2u/3ixYtiCwFRMtLK4XDYbLaurq6tW7ciaQkJCaOjo/39/WfOnBFrtc/nG/oOrq0sFsuePXs8Ho/NZtNqtXi5EWu+WD7FjDyF41kxxI0bNw4cONDa2hoD9cQ0pKhHQWxopQtA+Z2dnQaDISMjQyjq/PnzSqVycHDw9OnTEmtvbm7m7rmpVKqxsbGurq6+vr4f/ehH3JK8ec2I2FP6aCfaUFgLHbrNiTYkrlrCqiUuXGGXDgRslJGh3+aMj48zDIPv0AcGBvR6Pf4X8ZYTXeJ0OlF+d3d3QUEB+tvpdOp0OnyJz+dTqVTT09PEpFqtxjf7Vqu1sLBQqM/Vq1exPphgMIhmEUr29vYWFRVNT0/L5XK/309so0qlCgaDCoWCq7bwVp0oGWuFNUclFQoFLsmVxm0mxVZcRkdHMzMzKc2nmIViRq7C8awYwuVy6fX6c+fOxUY9ooYU9XhwZwdlaLkEoHy9Xm+1Won7RfPz82azOTc399SpUyxpGvIuaWpq2r59ezAYRMnOzs68vDyPx1NcXFxSUoKspNFoiJrzQPZc1Ggn9jJRbbG9MmF1vMJCG1JWLUrVYoOKsnRwFzTe8gVg5GGdkEqlwnf9WVlZ09PTYS9RKBSPPvoo+nvjxo1OpxNfPjAwgItdunSpsLAQ31Zzk3fu3PF6vTqdDv0rFArJ5XKhPlqtVqjP5ORkIBDIzs7GCoyPj6emppaXlxcVFW3bti0rK6ugoOBnP/sZ7yqGYbhqC9tFlIy14u6GTU5OhkIhbkmxVovZ6tNPPz148KDdbg8EAqFQKBQK0ZtPzKebkffeTtwqhigvL6+vr3/xxRdjoB5FQzH1KFCG1rp164Tlz58/r9PpHn/88YmJCeF/V61a9fTTT7e0tBw6dGjv3r30qv/617+eOXNmcHDw4YcfRjkmk6mvry8jI+Ojjz7Ky8s7duwYmhFiEoj2lDjaKb28KOg2F9pwYmIiglWLERlUlKWDu6Dxpg+AiaTLI+bhhx9eu3YtTlI2yvx+v0wmGxoawoNSJrvXT3n+8pe//POf/7TZbG63u6GhYcuWLX/84x/vUWYESLyhNhqNNTU1p06dUigU6BWgCOpalBnjVjGGYb766qvh4eFPPvkkNuqJaRgIBCKTJgbeHMPcvn375MmTDQ0NvPyFhQWr1frjH/8YJfV6vdvtpgv/4osv9u3b19fXt2bNGix8enr6iSeeYBhm7dq1XV1dRqNxaGiIsul3L/aU3stKpdLv99+9exf7Qp/Pp1QqpdQitOHQ0JB0JaUgtnRwFzTYKBMjKj7G7/ffvHkT/SIYGRlZv369sMzdu3cvXLiA30PlJdeuXatUKvF8WBQajSYhIeHLL79EP6wcDgf+JfXkk08++eSTDMOUlpYaDAauj9FoNAzDcNVelGRhSZlMNjExsWHDBlSS2ExGxFa3b992u92/+c1vUJmI34KVbsa4VQyh0WhsNhs3J6rqiWlIvLGQojwjMrSsVquw/JUrV4aHh2UyWSgUmpubQ2uoy+XasmXL5OQk+qWMm6xWq+fn52dnZ9Fjf5fLhaq7c+eO0Whsa2vjfg+YlpYml8v//e9//+AHP2AY5rnnntu9e/fp06d5tsVItKfYaJfey+np6WlpadeuXfvJT36Ccsxmc15eHv0qhNCGwWBQyoVCKAsXZelgSNMH+H/oW2mU3V6fzyeXy0dGRnhJtH1UXl7ucrlsNlt+fn5TUxOWgLc10Z4yzuclWZbdt29fUVER+u3Q0tJy5MgRuj7cDdOampqysjKn02mz2TZv3nzy5Em73V5SUnL58mWv1+t0OmtqagwGA6+NRqORq7ZEyUKtEOXl5UajcXx83Gaz5eXlIWm8ZlJspdFoOjo6ZmZmRkZGjEYj3psmNp9iFilmjGfFMNxeiIF6RA2lv+fKKyk2tIjg5wrXrl1LTk7Gz2kMBkNFRYXL5bJarZs2bero6EDlS0pKqqqq3G73yMjI1q1bDx06FAwGt2/fXldX5+eACtfW1m7ZssVms3m93q6uLrVanZmZyX1JmjevhfaUPtqJNiTWwrJse3t7Tk6O2Wz2er0ff/xxWlra1atXhZZkWXZubk4ulzscDvyQiW58XrcuduGiLB3sd8NSuHwBmMh9DMuyTU1NSqWyq6uLmzxx4oRKpTp+/LhGo0lJSdm1a9f8/LxQ2oEDB0wmExbFS7Is6/f76+vrtVqtUqksLS1FTxQlLhY+n2/Pnj1qtVqr1TY1NQWDwUAg0NTUlJOTk5CQoNFoqqqqPB4PTyuXy7Vjxw6VSpWTk9Pa2ipRsrAMwuPxGAwGlUql0+mOHz+OpPGaiS5saWkR2spsNhcUFCgUiszMzIaGhojXSilmjGfFhBfGRj2ihhH7GOLQkiKEW3JycrKioiIlJUWr1TY3N3PzKysr09LSsrKyGhsb0edNvJ+SXLM3NjbqdDqFQrF58+azZ8+OjY0plUqz2YwFcue10J7SRzvRhsRaEG1tbTqdLiEhITc3t7u7m2hJRGNjI+9ant3CvgchfeGSsnQIly8AE8bHRIDEeZiTk3Pt2jWxZCyJwUdnDocDvbqzjM2kE7eKAfcdeLTfX9zLOgDTh0JMn/lzuXHjBiW5wrBarXq9nonjZsatYsB9Bx7tDw4wfSgs4mWtFRmzemFhYWBgQKvVLrnkt99++/333799+/Y//vEPk8mEo0vdI7HphRXZ19FA+AEg4r///e9yqxZTojTagRWA1PuYlRqzes+ePb29vZ2dnUsuubi4uL6+vra2dv369XV1da+88sq9y4xNL6zUvo4GxBfDGIaJ87DQS040RjuwQpC4p9bc3Lx///6obtst4XORGDxiQeFao1qFkBj0grCWubm5zMxMh8OBcxwOR0lJSXJyskaj2b17Nw7IKCwsfPiMvi1nWXZ6erqqqgo9qT548KBYJMEIulJK19TX1ysUCrGHxvdOLKN2SnxRgseyDGA6lIZw8+NQczZetYoHpPqYwsLCS5cuRVWV+8vHxHIRwcSgF4S1NDc3HzhwgFtAr9fX1NS43W6Xy1VZWVlRUSFWGFmJ+wYt9iVGo7GystLlctnt9qKiIu4L7lwisHPYS7xer0wms1qtYi+/3jsxHh5iQZIoPmZZBjAd6W+ux5vmbLxqFQ9I8jGxiVkNPoZObHqBV8vc3Fxubi4O/cSKB5knFhazkt/vl8vl3Ij0mzZtIuoTDR+zIocHUYcV42MiKBZj4lOreEDSM39uzGphcHsUfJsYEzuC+PzCgO28MOm8A/IoIfSJsd/F9CfKF1OVFyH8T3/60zPPPIMl/PrXv+btRy/5iQBiwcaFBv/yyy8TExM//fRThmGmpqZSU1P/9re/URTmxSdvb28/cOAA1z5iQeaJhRmGCYVCr7/+ekZGRkZGxhtvvIHa7vf7Q6EQDjivUCjm5+cZcYhx2olWDRs3fmpqiluA2AtiUf3FBu3du3ffeuutjIyMxMTEF154YWpqiqK2EK7wxMTEF198cWpq6s0330xPT1+zZs2rr7769ddfo5KUkwtQAYmHCEiJ4c+QhijRXMRrhTz//PPvvPMO+vuzzz575JFHsE327t375ptvihmN20Ce5sQVhojYlEEWS0xMfOyxx95991004yhrArGxRHtKOQ7ggUCKIyotLT179iz6e/fu3QaDgfuhO/4+1ul0jo6O5ubm4n0Pk8lUUVExNjZmt9uLi4vb29vZ7/bod+3ahb9Mrq2txflCOfQvqnbu3Gk0Gj0ez+joKP7AmKISUX8x+WKqsiyLQ4IHg0GXy6VQKPDv99zc3J6eHq4BhZVyhXs8nr6+PvQMg9gcYS9oNJrOzs7p6emxsbG2tjb8aRvR4M3NzT/96U9Zlq2tra2srGRZlqIwtxafz6dWq/V6fVZWlslk4u0sdXd3y+Xy4uJitI9BLIzaaDKZJicnUUe0traiywsKCurr6wOBwNzcnMFgKC8vJ449JKG6utrtdo+Ojm7btm3fvn0Uq/K6hiiTW4DYC0IzUkYCy7JHjx4tKCgYHh52uVx1dXVms5mitlgbq6qqXC4XEq5Wq9G1IyMjxcXFdXV1qOSpU6c++OCDmZkZj8dTX19vNBrZ/50gKKAAHvaU+xielcQk84xDNBfxWiGdnZ07duxAfzc3N8vlchRFm2VZvV5/+fJlMaPxZihXc+KAJyI2ZbgW4y4gYmuCWGN59hSr7gEkvI/hxqwmBrcfFw+0vqj4/GJyKP0tFlRcTJSY/nQfQ4z9zruqqKjo448/xvnc7eMlPxGAEmycaPBAILBx48ampia1Wo0/USYqzItP3traajQavV4vWrDwIo7gBZknFvb7/dxv03p6enB0d7vdnp+fn5CQgEIfij1n4nUBjtMuZlVh1xBl4gLCXiCakTISWJbVaDQWi0WK2pQ2cncOZTIZjlwwMDDAPcUSwz25ADVHyvkURCNQJDOCuPpCcxGvFeJ2u1HsS5ZlCwsLGxoa0C+e8fHx5ORkHJ5AaDThDMVJsbMDeIhNGTGLhY0UIGws9xLKDH0ACe9juru7t23bhv52u90JCQn4XyMjI+g8CYVCgTPtdjv6yhfF01Z/R1paGsqnBPYgyqH0N08fu91OFyWmP8XHSPzX8ePHq6urWZZtb2//xS9+wTUgsVKhBEpz2P/tBZZlKyoq8vPzGxoaWltbr1y5gjLFDM6ybH9/P8MwXCdBVJhXS05ODp5+vb29xDNaLl68uHnzZomFHQ4HbwGamZlpa2vjFlZzEFoJd4GYVYWX8ASyAh/D6wWiGSkjYWZmRi6X8+6ZKOXp+rCCFY2btFgs27dvz8rKQorxFkS3280b9tIrpUsWaxflWmKl+fn5ly9f9ng8Wq12ZmZGo9EEg8HOzs6dO3dS7CDmYygDXlg1ccqIWYzSI2KN5V1CrO7BJPz3MRHHrI5GfP64ZefOnShA+oULF6qrq5dcPq8XiMHGKQb3eDwymczj8dAV5tZy586dsbExfJxGTk4OCiZPDDIvVlgIPtAFoVQq33vvvfb2dpwj9sVJxCxWYGRR/XFQ+iXXh0vEkfbDVnovMfzFrhVWWlpa2t/fPzY2ZjAYVq9enZ+fbzab+/v7S0tLpVeHoQx4YdVLdbSHREPFyUkicQHdBQWDQbVajXckpOyV9fT04J+lKpWKt4fAUn+tEOXMzc3JZDLuNgVvr2x8fBwlxfbKsCii/hT50u9jWJbNzc3t7+9PSUnhvlglVilRglhzeL3Aw2q14je7iAafmZnJzMw8d+5cWlqa3W4XU5hXC5rAONnT04PURq+E4d2S3t7ewsJCscL9/f35+fm4xu7ubt5uxunTp9FtkBhiXbCEe2XCwkIz0m81NBqN1WqVXl5iG3nJyclJuVyO861WK+9HN2/np6enR2KlYSWLqUq5lsjAwEBhYWFZWdnFixdZlu3o6Kirq8vMzHS73RQ7UPbKiAM+LHjKiFlMbE2gNJYy6rgz9AEkjI8RxqwWBrfHD9iFgdYXFZ+fIqewsLCmpsbj8aAnotxBTAwqThFFDM4vJp8y+YXByQ8fPpyXl4fjfkfvRABKsHGiwWtra9FuWHNzc3FxsZjCwr42Go0lJSXj4+PDw8ObNm364IMPUD4xyDyx8MzMjFqtPnz4sNfrtVgsvIc6wWBQr9f39vay4lC6gGhVYtdQZBJ7IWxUf54bOHr0aGFhIXrmv3//fvTMf8l9DCvh5ALphwiEjeFPNA7RXMRrxdBoNBqNBs0Ol8uVnJyMf4VI9DFczcXODuBBmTJiFhNbE8Qay9VKrLoH8wlNGB8jjFktDG6PRgAxmH8E8fmJAdvRSyYqlWrTpk0nT57kDmJiUHGKKGJwfjH59MnPixCObs9RUjgrlvBEAEqwcaHBh4aGVCoV+qXm9/t1Ot2ZM2eEChP72uv1oqDx69evP378OM4nBpkXK4yOWVSpVHq9vqWlhSv/zJkz9JsYehcQrYoQxo0Xk0nshbBR/XkjIRgMHjx4UK1WKxQK9OJDlHxM2JMLFnWIAD2GP9E4RHMRrxWjsrKS+w5hQUEBHnUSfQxXc8rZAVwoUwZZTKlU6vV6rsXE1gRKY7FWxOrC3l6vVML4GCkxq+PHdssbVNzn8ykUCsorN4sl2icC8BSG+OTAAw79pwAQGWGe+d9fMauXN6j4pUuXtm7dyv1q8h6J9okAPIXvr74GAOC+YNnOj1kq3n777aysrLKysrGxMZPJtFxHas/Ozra3t1dUVNyjnJg1Z6kUBgAAoHDfv0xcXFzc0dGh1WqrqqqWMag4fvBzj3Ji1pylUhgAAIDCQyzLRnDZxMREbm7ug3YQEwAAALAo7vv7GAAAACBuAR8DAAAARIswPoYSt58Rj8ItVh4AAAB4oAh/H+Pz+QYHB4eGhoaGhiwWS0tLC863Wq0DAwODg4Nut7uxsZFeHgAAAHjQCPPMf2JiQqfTOZ1OFO7w/PnzR48evX79Osqfm5tDJ/l88sknVVVV//nPf8TKx6YxAAAAQFwR/j5GoVDgeLobN250Op3ob5VKhY+Ky8rKQnG2KeUBAACABw145g8AAABEi/A+xu/337x5E/09MjKyfv36pS0PAAAArFQk3cc0NDTcunXriy++aGpqMhgMS14eAAAAWJGEj1emUqkKCgo2b94cCATKysoOHjy4tOUBAACAlUr498oWFTMGYswAAAAAGHjmDwAAAEQL8DEAAABAtAAfAwAAAESLCGP7AwAAAEBY4D4GAAAAiBbgYwAAAIBoAT4GAAAAiBbgYwAAAIBoAT4GAAAAiBbgYwAAAIBoAT4GAAAAiBbgYwAAAIBoAT4GAAAAiBbgYwAAAIBoAT4GAAAAiBbgYwAAAIBoAT4GAAAAiBbgYwAAAIBoAT4GAAAAiBbgYwAAAIBoAT4GAAAAiBbgYwAAAIBoAT4GAAAAiBbgYwAAAIBo8X9Z5Pep24dsjQAAAABJRU5ErkJggg==) --- **Mirror:** [Click here to view the mirror](<http://1174847.openbounty.org/mirror/>) ### Coordinated Disclosure Timeline Vulnerability Reported:| 28 May, 2020 02:53 GMT ---|--- Vulnerability Verified:| 28 May, 2020 03:07 GMT Website Operator Notified:| 28 May, 2020 03:07 GMT a. Using the ISO 29147 guidelines| ![](/images/done.png) ---|--- b. Using publicly available security contacts| ![](/images/done.png) c. Using Open Bug Bounty notification framework| ![](/images/done.png) d. Using security contacts provided by the researcher| ![](/images/done.png) Public Report Published [without any technical details]:| 28 May, 2020 03:07 GMT Vulnerability Fixed:| 2 July, 2020 17:41 GMT ---|---

{"id": "OBB:1174847", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "en.osjd.org Open Redirect vulnerability ", "description": " \n\n\nOpen Bug Bounty ID: OBB-1174847\n\nFollowing coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: \n\n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; \n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence.\n\nAffected Website:| **[en.osjd.org](<http://en.osjd.org>) ** \n---|--- \nOpen Bug Bounty Program:| **Create your bounty program now**. It's open and free. \nVulnerable Application:| Custom Code \nVulnerability Type:| **[Open Redirect](<https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet>)** / CWE-601 \nCVSSv3 Score:| 3.4 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines \nDiscovered and Reported by:| **myNickName ** \nRemediation Guide:| **[OWASP Open Redirect Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.md>)** \nExport Vulnerability Data:| Bugzilla Vulnerability Data \nJIRA Vulnerability Data [ Configuration ] \nMantis Vulnerability Data \nSplunk Vulnerability Data \nXML Vulnerability Data [ XSD ] \n \nVulnerable URL:\n\n![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAABLCAIAAAAphcDFAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAZV0lEQVR4nO2df0xb1/XAX12POsYQIMYQ4ibG3ViUIUpThmiWbiiKUkot5GZ0RZSmNEVJxCJKUZpRL8tYipKMEtplDGURrWgUdfmjIgxFEYpQllkRzQhzXep6DmMUHMe1iCHAXOoax+/7x1Xv9+29+64fDjYOOZ+/uJf7zj333B/H7773zn2IZVkGAAAAAKKAbLkVAAAAAFYs4GMAAACAaAE+BgAAAIgW4GMAAACAaAE+BgAAAIgW4GMAAACAaBEXPiY7O/uzzz4TS65U4raZcasYAMQ/MH14LL+P+fzzz0Oh0OOPP05MrlTitplxqxgAxD8wfYSE8TETExNJSUnEf83Ozh47dkwsKZ3e3t6ysjKxZAwgtnFiYiI1NTV6laJmUsy7XMShYnfu3Hn11VfT09PXrVv3q1/9amFhIa7UI0LRUPrQevbZZ//85z/j5I0bN5599tnVq1dnZGS89tprs7OzKH9qaurll19G9nnrrbcWFhYYhrl9+/ZLL720Zs2adevWvfHGG99++y2W8/e///2JJ55ITEx86qmnPv/8c16lEU/kRcGrRWguipXC9j69wFItXERiv3zFP5Hfx8zMzBw9elQsKZ1l9zEbNmzwer2xrJGJ47EYh4pVV1cHAgGr1Xr58uWBgYHDhw8vt0bhufdBdePGDYvFsmvXLpxTWlqq1WodDofFYvH7/fv27UP5u3btCoVCyD5Xrlw5cuQIylQoFDabzWw2Dw8PHzp0CMupqKhoampyuVwlJSW7d+/m1RvxRF4UsalFStVLq0kcTp/lh6UyPj6uUqmk/ItSkoLb7U5JSQkEAsTkMjI+Pp6SkhIl4biZkRktesShYvPz81qt1ufzoeTg4OD3v//9+FEvAiQOrdra2kOHDuGk3+9/77335ubmUHJ4eFir1bIs6/P5ZDLZzMwMyr969WpOTo7P51MoFDyjYVFqtdrlcrEse+HChby8PKF6MbBt2NWDYqWwGtILLMnCRSR+lq+4QtJ9zB/+8Ifs7Ow1a9a8/PLL6A59dnZWp9P5fL6HHnroww8/5Cbb2tqSkpLeeeedjIyM1NTUV1555ZtvvhGT3Nvbu2PHju9973vC5Lfffvvaa68lJSVt2LDht7/97d27d5nv7oJPnDiRnZ2dmpr60ksv4R0DLl9//fXevXvT09MfffTR3/3ud+ja69evP/3000lJSevWrfv5z3/+r3/9CxXGd9a3bt165plnkpKSfvjDH3700UdEhYmSkYRjx46lp6evXbv2/fffZxjmq6++eu6555KSkrKzs0+cOMG98ee1+ve//73QVtevX3/qqadWrVqVnp7+wgsv3Lp1i9J8ilkoZuQpHJ+KrVq16ubNm4mJieiq0dHRrKysGKhH1FDMbkJ42zVShhaX2dnZc+fO7d+/H+c88sgjr7/+OpK5sLBw9uzZbdu2MQzj9XqVSuXq1atRMa1WOzk5mZiY+M0332CjBQKBhIQELKq2tra0tPSXv/ylyWTiKcOb10R7Lmq0E3tZWAsF6TbnIVy1hFVLXLjElg4evOkDIML7GJ/PZ7VaBwYGBgcH3W53Y2MjwzCrV692OBwqlcrv91dVVXGTzz//vM/nGxwcHBoaGhoaslgsLS0tYsIpG2VHjhyZn58fHh7u6+szm82nTp3C+gwPDyN9nE6nyWQSiq2rq3O73RaLpa+vr7e3t6Ojg2EYg8FQXV3tdDqvXr26detWhULBu2r//v3Jycl2u/3ixYtiCwFRMtLK4XDYbLaurq6tW7ciaQkJCaOjo/39/WfOnBFrtc/nG/oOrq0sFsuePXs8Ho/NZtNqtXi5EWu+WD7FjDyF41kxxI0bNw4cONDa2hoD9cQ0pKhHQWxopQtA+Z2dnQaDISMjQyjq/PnzSqVycHDw9OnTEmtvbm7m7rmpVKqxsbGurq6+vr4f/ehH3JK8ec2I2FP6aCfaUFgLHbrNiTYkrlrCqiUuXGGXDgRslJGh3+aMj48zDIPv0AcGBvR6Pf4X8ZYTXeJ0OlF+d3d3QUEB+tvpdOp0OnyJz+dTqVTT09PEpFqtxjf7Vqu1sLBQqM/Vq1exPphgMIhmEUr29vYWFRVNT0/L5XK/309so0qlCgaDCoWCq7bwVp0oGWuFNUclFQoFLsmVxm0mxVZcRkdHMzMzKc2nmIViRq7C8awYwuVy6fX6c+fOxUY9ooYU9XhwZwdlaLkEoHy9Xm+1Won7RfPz82azOTc399SpUyxpGvIuaWpq2r59ezAYRMnOzs68vDyPx1NcXFxSUoKspNFoiJrzQPZc1Ggn9jJRbbG9MmF1vMJCG1JWLUrVYoOKsnRwFzTe8gVg5GGdkEqlwnf9WVlZ09PTYS9RKBSPPvoo+nvjxo1OpxNfPjAwgItdunSpsLAQ31Zzk3fu3PF6vTqdDv0rFArJ5XKhPlqtVqjP5ORkIBDIzs7GCoyPj6emppaXlxcVFW3bti0rK6ugoOBnP/sZ7yqGYbhqC9tFlIy14u6GTU5OhkIhbkmxVovZ6tNPPz148KDdbg8EAqFQKBQK0ZtPzKebkffeTtwqhigvL6+vr3/xxRdjoB5FQzH1KFCG1rp164Tlz58/r9PpHn/88YmJCeF/V61a9fTTT7e0tBw6dGjv3r30qv/617+eOXNmcHDw4YcfRjkmk6mvry8jI+Ojjz7Ky8s7duwYmhFiEoj2lDjaKb28KOg2F9pwYmIiglWLERlUlKWDu6Dxpg+AiaTLI+bhhx9eu3YtTlI2yvx+v0wmGxoawoNSJrvXT3n+8pe//POf/7TZbG63u6GhYcuWLX/84x/vUWYESLyhNhqNNTU1p06dUigU6BWgCOpalBnjVjGGYb766qvh4eFPPvkkNuqJaRgIBCKTJgbeHMPcvn375MmTDQ0NvPyFhQWr1frjH/8YJfV6vdvtpgv/4osv9u3b19fXt2bNGix8enr6iSeeYBhm7dq1XV1dRqNxaGiIsul3L/aU3stKpdLv99+9exf7Qp/Pp1QqpdQitOHQ0JB0JaUgtnRwFzTYKBMjKj7G7/ffvHkT/SIYGRlZv369sMzdu3cvXLiA30PlJdeuXatUKvF8WBQajSYhIeHLL79EP6wcDgf+JfXkk08++eSTDMOUlpYaDAauj9FoNAzDcNVelGRhSZlMNjExsWHDBlSS2ExGxFa3b992u92/+c1vUJmI34KVbsa4VQyh0WhsNhs3J6rqiWlIvLGQojwjMrSsVquw/JUrV4aHh2UyWSgUmpubQ2uoy+XasmXL5OQk+qWMm6xWq+fn52dnZ9Fjf5fLhaq7c+eO0Whsa2vjfg+YlpYml8v//e9//+AHP2AY5rnnntu9e/fp06d5tsVItKfYaJfey+np6WlpadeuXfvJT36Ccsxmc15eHv0qhNCGwWBQyoVCKAsXZelgSNMH+H/oW2mU3V6fzyeXy0dGRnhJtH1UXl7ucrlsNlt+fn5TUxOWgLc10Z4yzuclWZbdt29fUVER+u3Q0tJy5MgRuj7cDdOampqysjKn02mz2TZv3nzy5Em73V5SUnL58mWv1+t0OmtqagwGA6+NRqORq7ZEyUKtEOXl5UajcXx83Gaz5eXlIWm8ZlJspdFoOjo6ZmZmRkZGjEYj3psmNp9iFilmjGfFMNxeiIF6RA2lv+fKKyk2tIjg5wrXrl1LTk7Gz2kMBkNFRYXL5bJarZs2bero6EDlS0pKqqqq3G73yMjI1q1bDx06FAwGt2/fXldX5+eACtfW1m7ZssVms3m93q6uLrVanZmZyX1JmjevhfaUPtqJNiTWwrJse3t7Tk6O2Wz2er0ff/xxWlra1atXhZZkWXZubk4ulzscDvyQiW58XrcuduGiLB3sd8NSuHwBmMh9DMuyTU1NSqWyq6uLmzxx4oRKpTp+/LhGo0lJSdm1a9f8/LxQ2oEDB0wmExbFS7Is6/f76+vrtVqtUqksLS1FTxQlLhY+n2/Pnj1qtVqr1TY1NQWDwUAg0NTUlJOTk5CQoNFoqqqqPB4PTyuXy7Vjxw6VSpWTk9Pa2ipRsrAMwuPxGAwGlUql0+mOHz+OpPGaiS5saWkR2spsNhcUFCgUiszMzIaGhojXSilmjGfFhBfGRj2ihhH7GOLQkiKEW3JycrKioiIlJUWr1TY3N3PzKysr09LSsrKyGhsb0edNvJ+SXLM3NjbqdDqFQrF58+azZ8+OjY0plUqz2YwFcue10J7SRzvRhsRaEG1tbTqdLiEhITc3t7u7m2hJRGNjI+9ant3CvgchfeGSsnQIly8AE8bHRIDEeZiTk3Pt2jWxZCyJwUdnDocDvbqzjM2kE7eKAfcdeLTfX9zLOgDTh0JMn/lzuXHjBiW5wrBarXq9nonjZsatYsB9Bx7tDw4wfSgs4mWtFRmzemFhYWBgQKvVLrnkt99++/333799+/Y//vEPk8mEo0vdI7HphRXZ19FA+AEg4r///e9yqxZTojTagRWA1PuYlRqzes+ePb29vZ2dnUsuubi4uL6+vra2dv369XV1da+88sq9y4xNL6zUvo4GxBfDGIaJ87DQS040RjuwQpC4p9bc3Lx///6obtst4XORGDxiQeFao1qFkBj0grCWubm5zMxMh8OBcxwOR0lJSXJyskaj2b17Nw7IKCwsfPiMvi1nWXZ6erqqqgo9qT548KBYJMEIulJK19TX1ysUCrGHxvdOLKN2SnxRgseyDGA6lIZw8+NQczZetYoHpPqYwsLCS5cuRVWV+8vHxHIRwcSgF4S1NDc3HzhwgFtAr9fX1NS43W6Xy1VZWVlRUSFWGFmJ+wYt9iVGo7GystLlctnt9qKiIu4L7lwisHPYS7xer0wms1qtYi+/3jsxHh5iQZIoPmZZBjAd6W+ux5vmbLxqFQ9I8jGxiVkNPoZObHqBV8vc3Fxubi4O/cSKB5knFhazkt/vl8vl3Ij0mzZtIuoTDR+zIocHUYcV42MiKBZj4lOreEDSM39uzGphcHsUfJsYEzuC+PzCgO28MOm8A/IoIfSJsd/F9CfKF1OVFyH8T3/60zPPPIMl/PrXv+btRy/5iQBiwcaFBv/yyy8TExM//fRThmGmpqZSU1P/9re/URTmxSdvb28/cOAA1z5iQeaJhRmGCYVCr7/+ekZGRkZGxhtvvIHa7vf7Q6EQDjivUCjm5+cZcYhx2olWDRs3fmpqiluA2AtiUf3FBu3du3ffeuutjIyMxMTEF154YWpqiqK2EK7wxMTEF198cWpq6s0330xPT1+zZs2rr7769ddfo5KUkwtQAYmHCEiJ4c+QhijRXMRrhTz//PPvvPMO+vuzzz575JFHsE327t375ptvihmN20Ce5sQVhojYlEEWS0xMfOyxx95991004yhrArGxRHtKOQ7ggUCKIyotLT179iz6e/fu3QaDgfuhO/4+1ul0jo6O5ubm4n0Pk8lUUVExNjZmt9uLi4vb29vZ7/bod+3ahb9Mrq2txflCOfQvqnbu3Gk0Gj0ez+joKP7AmKISUX8x+WKqsiyLQ4IHg0GXy6VQKPDv99zc3J6eHq4BhZVyhXs8nr6+PvQMg9gcYS9oNJrOzs7p6emxsbG2tjb8aRvR4M3NzT/96U9Zlq2tra2srGRZlqIwtxafz6dWq/V6fVZWlslk4u0sdXd3y+Xy4uJitI9BLIzaaDKZJicnUUe0traiywsKCurr6wOBwNzcnMFgKC8vJ449JKG6utrtdo+Ojm7btm3fvn0Uq/K6hiiTW4DYC0IzUkYCy7JHjx4tKCgYHh52uVx1dXVms5mitlgbq6qqXC4XEq5Wq9G1IyMjxcXFdXV1qOSpU6c++OCDmZkZj8dTX19vNBrZ/50gKKAAHvaU+xielcQk84xDNBfxWiGdnZ07duxAfzc3N8vlchRFm2VZvV5/+fJlMaPxZihXc+KAJyI2ZbgW4y4gYmuCWGN59hSr7gEkvI/hxqwmBrcfFw+0vqj4/GJyKP0tFlRcTJSY/nQfQ4z9zruqqKjo448/xvnc7eMlPxGAEmycaPBAILBx48ampia1Wo0/USYqzItP3traajQavV4vWrDwIo7gBZknFvb7/dxv03p6enB0d7vdnp+fn5CQgEIfij1n4nUBjtMuZlVh1xBl4gLCXiCakTISWJbVaDQWi0WK2pQ2cncOZTIZjlwwMDDAPcUSwz25ADVHyvkURCNQJDOCuPpCcxGvFeJ2u1HsS5ZlCwsLGxoa0C+e8fHx5ORkHJ5AaDThDMVJsbMDeIhNGTGLhY0UIGws9xLKDH0ACe9juru7t23bhv52u90JCQn4XyMjI+g8CYVCgTPtdjv6yhfF01Z/R1paGsqnBPYgyqH0N08fu91OFyWmP8XHSPzX8ePHq6urWZZtb2//xS9+wTUgsVKhBEpz2P/tBZZlKyoq8vPzGxoaWltbr1y5gjLFDM6ybH9/P8MwXCdBVJhXS05ODp5+vb29xDNaLl68uHnzZomFHQ4HbwGamZlpa2vjFlZzEFoJd4GYVYWX8ASyAh/D6wWiGSkjYWZmRi6X8+6ZKOXp+rCCFY2btFgs27dvz8rKQorxFkS3280b9tIrpUsWaxflWmKl+fn5ly9f9ng8Wq12ZmZGo9EEg8HOzs6dO3dS7CDmYygDXlg1ccqIWYzSI2KN5V1CrO7BJPz3MRHHrI5GfP64ZefOnShA+oULF6qrq5dcPq8XiMHGKQb3eDwymczj8dAV5tZy586dsbExfJxGTk4OCiZPDDIvVlgIPtAFoVQq33vvvfb2dpwj9sVJxCxWYGRR/XFQ+iXXh0vEkfbDVnovMfzFrhVWWlpa2t/fPzY2ZjAYVq9enZ+fbzab+/v7S0tLpVeHoQx4YdVLdbSHREPFyUkicQHdBQWDQbVajXckpOyV9fT04J+lKpWKt4fAUn+tEOXMzc3JZDLuNgVvr2x8fBwlxfbKsCii/hT50u9jWJbNzc3t7+9PSUnhvlglVilRglhzeL3Aw2q14je7iAafmZnJzMw8d+5cWlqa3W4XU5hXC5rAONnT04PURq+E4d2S3t7ewsJCscL9/f35+fm4xu7ubt5uxunTp9FtkBhiXbCEe2XCwkIz0m81NBqN1WqVXl5iG3nJyclJuVyO861WK+9HN2/np6enR2KlYSWLqUq5lsjAwEBhYWFZWdnFixdZlu3o6Kirq8vMzHS73RQ7UPbKiAM+LHjKiFlMbE2gNJYy6rgz9AEkjI8RxqwWBrfHD9iFgdYXFZ+fIqewsLCmpsbj8aAnotxBTAwqThFFDM4vJp8y+YXByQ8fPpyXl4fjfkfvRABKsHGiwWtra9FuWHNzc3FxsZjCwr42Go0lJSXj4+PDw8ObNm364IMPUD4xyDyx8MzMjFqtPnz4sNfrtVgsvIc6wWBQr9f39vay4lC6gGhVYtdQZBJ7IWxUf54bOHr0aGFhIXrmv3//fvTMf8l9DCvh5ALphwiEjeFPNA7RXMRrxdBoNBqNBs0Ol8uVnJyMf4VI9DFczcXODuBBmTJiFhNbE8Qay9VKrLoH8wlNGB8jjFktDG6PRgAxmH8E8fmJAdvRSyYqlWrTpk0nT57kDmJiUHGKKGJwfjH59MnPixCObs9RUjgrlvBEAEqwcaHBh4aGVCoV+qXm9/t1Ot2ZM2eEChP72uv1oqDx69evP378OM4nBpkXK4yOWVSpVHq9vqWlhSv/zJkz9JsYehcQrYoQxo0Xk0nshbBR/XkjIRgMHjx4UK1WKxQK9OJDlHxM2JMLFnWIAD2GP9E4RHMRrxWjsrKS+w5hQUEBHnUSfQxXc8rZAVwoUwZZTKlU6vV6rsXE1gRKY7FWxOrC3l6vVML4GCkxq+PHdssbVNzn8ykUCsorN4sl2icC8BSG+OTAAw79pwAQGWGe+d9fMauXN6j4pUuXtm7dyv1q8h6J9okAPIXvr74GAOC+YNnOj1kq3n777aysrLKysrGxMZPJtFxHas/Ozra3t1dUVNyjnJg1Z6kUBgAAoHDfv0xcXFzc0dGh1WqrqqqWMag4fvBzj3Ji1pylUhgAAIDCQyzLRnDZxMREbm7ug3YQEwAAALAo7vv7GAAAACBuAR8DAAAARIswPoYSt58Rj8ItVh4AAAB4oAh/H+Pz+QYHB4eGhoaGhiwWS0tLC863Wq0DAwODg4Nut7uxsZFeHgAAAHjQCPPMf2JiQqfTOZ1OFO7w/PnzR48evX79Osqfm5tDJ/l88sknVVVV//nPf8TKx6YxAAAAQFwR/j5GoVDgeLobN250Op3ob5VKhY+Ky8rKQnG2KeUBAACABw145g8AAABEi/A+xu/337x5E/09MjKyfv36pS0PAAAArFQk3cc0NDTcunXriy++aGpqMhgMS14eAAAAWJGEj1emUqkKCgo2b94cCATKysoOHjy4tOUBAACAlUr498oWFTMGYswAAAAAGHjmDwAAAEQL8DEAAABAtAAfAwAAAESLCGP7AwAAAEBY4D4GAAAAiBbgYwAAAIBoAT4GAAAAiBbgYwAAAIBoAT4GAAAAiBbgYwAAAIBoAT4GAAAAiBbgYwAAAIBoAT4GAAAAiBbgYwAAAIBoAT4GAAAAiBbgYwAAAIBoAT4GAAAAiBbgYwAAAIBoAT4GAAAAiBbgYwAAAIBoAT4GAAAAiBbgYwAAAIBoAT4GAAAAiBbgYwAAAIBo8X9Z5Pep24dsjQAAAABJRU5ErkJggg==) \n--- \n \n**Mirror:** [Click here to view the mirror](<http://1174847.openbounty.org/mirror/>)\n\n### Coordinated Disclosure Timeline\n\nVulnerability Reported:| 28 May, 2020 02:53 GMT \n---|--- \nVulnerability Verified:| 28 May, 2020 03:07 GMT \nWebsite Operator Notified:| 28 May, 2020 03:07 GMT \na. Using the ISO 29147 guidelines| ![](/images/done.png) \n---|--- \nb. Using publicly available security contacts| ![](/images/done.png) \nc. Using Open Bug Bounty notification framework| ![](/images/done.png) \nd. Using security contacts provided by the researcher| ![](/images/done.png) \nPublic Report Published \n[without any technical details]:| 28 May, 2020 03:07 GMT \nVulnerability Fixed:| 2 July, 2020 17:41 GMT \n---|---\n", "published": "2020-05-28T02:53:00", "modified": "2020-06-27T02:53:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/1174847/", "reporter": "myNickName", "references": [], "cvelist": [], "lastseen": "2020-08-20T22:01:15", "viewCount": 4, "enchantments": {"dependencies": {}, "score": {"value": 0.8, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.8}, "openbugbounty": {"patchStatus": "patched", "mirror": "http://1174847.openbounty.org/mirror/"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645721060}}