Open Bug Bounty ID: OBB-1188903
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: mybroadbandaccount.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: Tanzil
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Coordinated Disclosure Timeline
Vulnerability Reported: 8 June, 2020 15:44 GMT
Vulnerability Verified: 8 June, 2020 16:00 GMT
Website Operator Notified: 8 June, 2020 16:00 GMT
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher
Public Report Published [without any technical details]: 8 June, 2020 16:00 GMT
Vulnerability Fixed: 18 July, 2020 20:04 GMT