Open Bug Bounty ID: OBB-1182079
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: blogtransportation.info
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: geeknik
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Screenshot: ![blogtransportation.info vulnerability](/twimages/screen-1182079.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 3 June, 2020 03:43 GMT
Vulnerability Verified: 3 June, 2020 03:51 GMT
Website Operator Notified: 3 June, 2020 03:51 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 3 June, 2020 03:51 GMT
Vulnerability Fixed: 8 July, 2020 16:50 GMT