Open Bug Bounty ID: OBB-1185733
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: bangkok2020.tarad.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: KhanJanny
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL: [shown as an image on the original page]
Screenshot: ![bangkok2020.tarad.com vulnerability](/twimages/screen-1185733.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 5 June, 2020 21:37 GMT
Vulnerability Verified: 5 June, 2020 21:48 GMT
Website Operator Notified: 5 June, 2020 21:48 GMT
      a. Using the ISO 29147 guidelines [done]
      b. Using publicly available security contacts [done]
      c. Using Open Bug Bounty notification framework [done]
      d. Using security contacts provided by the researcher [done]
Public Report Published [without any technical details]: 5 June, 2020 21:48 GMT
Vulnerability Fixed: 6 July, 2020 19:47 GMT