Open Bug Bounty ID: OBB-1179127
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
|---|---|
| Affected Website | tr.etilaf.org |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | geeknik |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL:
Screenshot: ![tr.etilaf.org vulnerability](/twimages/screen-1179127.jpg)
Coordinated Disclosure Timeline
| Event | Time |
|---|---|
| Vulnerability Reported | 31 May, 2020 14:37 GMT |
| Vulnerability Verified | 31 May, 2020 14:46 GMT |
| Website Operator Notified | 31 May, 2020 14:46 GMT |
| Public Report Published (without any technical details) | 31 May, 2020 14:46 GMT |
| Vulnerability Fixed | 10 July, 2020 13:34 GMT |

Website operator notification channels (each marked as completed):
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher