Open Bug Bounty ID: OBB-1185758
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: jigsaw24.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: MitRauch
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Screenshot: ![jigsaw24.com vulnerability](/twimages/screen-1185758.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 5 June, 2020 23:10 GMT
Vulnerability Verified: 5 June, 2020 23:21 GMT
Website Operator Notified: 5 June, 2020 23:21 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 5 June, 2020 23:21 GMT
Vulnerability Fixed: 14 July, 2020 16:41 GMT