Open Bug Bounty ID: OBB-1187860
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: oilsjt.be
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: geeknik
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Coordinated Disclosure Timeline
Vulnerability Reported: 7 June, 2020 13:48 GMT
Vulnerability Verified: 7 June, 2020 13:57 GMT
Website Operator Notified: 7 June, 2020 13:57 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 7 June, 2020 13:57 GMT
Vulnerability Fixed: 1 July, 2020 17:43 GMT