Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: in-en.flightnetwork.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: gdattacker
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Coordinated Disclosure Timeline
Vulnerability Reported: 5 June, 2020 16:34 GMT
Vulnerability Verified: 5 June, 2020 16:43 GMT
Website Operator Notified: 5 June, 2020 16:43 GMT
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher
Public Report Published [without any technical details]: 5 June, 2020 16:43 GMT
Vulnerability Fixed: 4 September, 2020 07:44 GMT