Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
|---|---|
| Affected Website | modelik.pl |
| Open Bug Bounty Program | Create your bounty program now. It's open and free. |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | sardhara_badal |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL: (shown only as an embedded image on the original page; the URL text is not recoverable)
Screenshot: ![modelik.pl vulnerability](/twimages/screen-1188167.jpg)
Coordinated Disclosure Timeline
| Event | Time |
|---|---|
| Vulnerability Reported | 7 June, 2020 17:26 GMT |
| Vulnerability Verified | 7 June, 2020 17:41 GMT |
| Website Operator Notified | 7 June, 2020 17:41 GMT |
| Public Report Published (without any technical details) | 7 June, 2020 17:41 GMT |

Website operator notification channels (all marked as done on the original page):
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher