Open Bug Bounty ID: OBB-1176427
Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:
&nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence;
&nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence.
Affected Website:| **[enta.net](<https://www.enta.net>) **
---|---
Open Bug Bounty Program:| **Create your bounty program now**. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **g0bl1nsec **
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**
Export Vulnerability Data:| Bugzilla Vulnerability Data
JIRA Vulnerability Data [ Configuration ]
Mantis Vulnerability Data
Splunk Vulnerability Data
XML Vulnerability Data [ XSD ]
Vulnerable URL:
---
**Screenshot:** 
**Mirror:** [Click here to view the mirror](<http://1176427.openbounty.org/mirror/>)
### Coordinated Disclosure Timeline
Vulnerability Reported:| 28 May, 2020 20:30 GMT
---|---
Vulnerability Verified:| 28 May, 2020 20:44 GMT
Website Operator Notified:| 28 May, 2020 20:44 GMT
a. Using the ISO 29147 guidelines| 
---|---
b. Using publicly available security contacts| 
c. Using Open Bug Bounty notification framework| 
d. Using security contacts provided by the researcher| 
Public Report Published
[without any technical details]:| 28 May, 2020 20:44 GMT
Vulnerability Fixed:| 3 July, 2020 19:41 GMT
---|---
{"id": "OBB:1176427", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "enta.net Cross Site Scripting vulnerability ", "description": " \n\n\nOpen Bug Bounty ID: OBB-1176427\n\nFollowing coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: \n\n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; \n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence.\n\nAffected Website:| **[enta.net](<https://www.enta.net>) ** \n---|--- \nOpen Bug Bounty Program:| **Create your bounty program now**. It's open and free. \nVulnerable Application:| Custom Code \nVulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\\(XSS\\)>)** / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines \nDiscovered and Reported by:| **g0bl1nsec ** \nRemediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** \nExport Vulnerability Data:| Bugzilla Vulnerability Data \nJIRA Vulnerability Data [ Configuration ] \nMantis Vulnerability Data \nSplunk Vulnerability Data \nXML Vulnerability Data [ XSD ] \n \nVulnerable URL:\n\n \n--- \n \n**Screenshot:** \n\n**Mirror:** [Click here to view the mirror](<http://1176427.openbounty.org/mirror/>)\n\n### Coordinated Disclosure Timeline\n\nVulnerability Reported:| 28 May, 2020 20:30 GMT \n---|--- \nVulnerability Verified:| 28 May, 2020 20:44 GMT \nWebsite Operator Notified:| 28 May, 2020 20:44 GMT \na. Using the ISO 29147 guidelines|  \n---|--- \nb. Using publicly available security contacts|  \nc. Using Open Bug Bounty notification framework|  \nd. Using security contacts provided by the researcher|  \nPublic Report Published \n[without any technical details]:| 28 May, 2020 20:44 GMT \nVulnerability Fixed:| 3 July, 2020 19:41 GMT \n---|---\n", "published": "2020-05-28T20:30:00", "modified": "2020-06-27T20:30:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/1176427/", "reporter": "g0bl1nsec", "references": [], "cvelist": [], "lastseen": "2020-08-20T00:47:37", "viewCount": 6, "enchantments": {"dependencies": {}, "score": {"value": 0.6, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.6}, "openbugbounty": {"patchStatus": "patched", "mirror": "http://1176427.openbounty.org/mirror/"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645446165, "score": 1684000741, "epss": 1678905580}, "_internal": {"score_hash": "8db26d82cf58957de9bd52d670acc58c"}}
enta.net Cross Site Scripting vulnerability