spcex.ru Cross Site Scripting vulnerability OBB-1190905

2020-06-10T10:10:00

Description

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence. Affected Website:| **[spcex.ru](<http://spcex.ru>) ** ---|--- Open Bug Bounty Program:| **Create your bounty program now**. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines Discovered and Reported by:| **xav0 ** Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** Export Vulnerability Data:| Bugzilla Vulnerability Data JIRA Vulnerability Data [ Configuration ] Mantis Vulnerability Data Splunk Vulnerability Data XML Vulnerability Data [ XSD ] Vulnerable URL: ![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAAjCAIAAADNIk3yAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAG8klEQVR4nO3cX0hTfRgH8OOcNfQMXc5N18Sti7KI6mKYhFpJBI0RZUUR6w8EBsNkDIlaUKsgRStIJLowMG/ySmJXIwShZBe21mpOTcPaxLliW87WmmNz78V5OYzt7Ci+Td3r93O153jO83ue383D+W2YE4/HCQAAgAzgrHUBAADwv4UZAwAAmYIZAwAAmYIZAwAAmYIZAwAAmYIZAwAAmbIuZoxcLv/48WO6MFusSdlZulcAsEGs/Yyx2+2Li4t79+5lDLPFmpSdpXsFABvHEjPG6XTy+XzGPwUCgdbW1nTh8hmNxuPHj6cLs8UKymbZ22XekKV7BQAbx8rfY+bm5h48eJAuXL4NO2MqKiq8Xu8qLwoAsJrW+KxsdnZ2YmLi0KFDjGG2WHHZmzdvXv1FAQBWzbJmzJMnT+RyeXFx8YULFwKBAEEQgUBAJpMFg8GcnJwXL14kho8fP+bz+R0dHWKxWCAQXLp06c+fP+kyG43Go0eP5uXlpYbv3r2rra3l8/lbt249derU2NgYdXbEmDkWi928eVMsFhcUFJw5c8bn81HXFxYWrly5wufzKyoq7ty5E4vFvn79WlBQ8OHDB4IgfD6fQCAYHBxMLIlapbW1taSkpKys7Pnz50lnVk6nUyAQMHbBUuHv37+vXr1aUlJSXl5+9+7dWCyWlDa138QlHA5HcXHx27dv020dAMA6tPSMCQaDNpvNbDYPDw+73e4bN24QBFFYWDg+Pk6SZDgcVqvVieHJkyeDweDw8LDFYrFYLFartb29PV1yloMylUp1+fJll8s1NDRUU1PD4/GoYhgzt7e3DwwMDAwMTExMSCSS0dFR6vq9e/dCodCnT59MJtObN2+ePXsml8v1er1WqyUI4vbt20ql8vDhw6ktj4+Pj4yM9PT01NTULLlFiWWnq7C5udntdlutVpPJZDQanz59mpSEsV9KIBBoaGhoa2urra1Nt3UAAOtRnNW3b98Igpifn6dCs9m8bds2+k8kSSbeSYXUIy6Xi7re39+vUCiozy6XSyaT0Y8Eg0GSJP1+f2ro9/u5XG44HE4thjGzSCSyWq2p9QuFwmAwSH222WxVVVXxeDwSiVRWVhoMBqFQ6PF4GFumq2LstKioiLGLdBVGo1GSJKempqjrRqOxuro6MW26fqkblEqlRqNJ/FPS1gEArE/cJYcQSZL0kY5EIvH7/Us+wuPxysvLqc+VlZUul4t+3Gw207e9fv26qqqKPndKDAUCwenTp6urq+vr6yUSiUKhOHjwYLrMgUDA7/fv2bMnqYyfP396vV6ZTEaFi4uLXC6XIIi8vLyurq4jR450dnaKxWLGlpNOw1gkdcFY4Y8fPyKRiFwup69T04iWrl+CIG7dumUymbq7u1kWBQBYn5aeMX9Rbm5uWVkZHbL/ouzly5fv378fGRlxu906ne7AgQMtLS3syZOuhMNhDodjsVio0UIQBIfz79mgx+PhcDgej+c/dpRa9oox9hsKhfr7+/v6+pqamhoaGgoLC//uogAAmcX+msNyTLTMs7JXr17RJ1qJotGoUCikj4+SwiQ2m00qlbJkFolENpst9UGSJFPP0Obm5kpLS/v6+rZs2TI6Osrecjwen5+f53A49IHh0NAQvQlJZaercMmzsnT9crlcqkKVStXU1LScvQIAWD9W/ttloVAYDocnJycZQ51ONzMz43A4DAaDSqWin1pYWKA+mM3m0tJS+vgoKRwbGzt27Njg4KDP55uenu7q6tq3bx9LZq1W29jYaLfbZ2Zmrl27Rv/+Sq1WazQah8MxOzvb0dFx//59giD0en1dXd3Zs2d1Op1Go0kqLBWfz1coFDqd7vv375OTk9SvHhjLTldhbm7uuXPntFrt9PQ0df38+fOJj6Trl8fj7dy5kyCIhw8fdnd32+32dIsCAKxH7COI/etug8GQn5/f09OTGD569Igkyba2NpFIVFRUdPHixVAolJqtpaVFr9fTqZLCSCRiMBi2b9++adMmkUikVqs9Hg/1OGPmaDR6/fp1oVDI4/FOnDjh9Xqp6+FwWKvVSqXS/Px8pVI5NTVlsVhIkqReNcLhsEwm6+3tTSyM8fXiy5cv9fX1JEnu2rWrs7OT3oSkslkqDAaDjY2NQqFQKpUaDIZoNJq4EEu/dPLm5ua6urrURQEA1q2ceDz+d4eW0+ncvXv3r1+/2G/bsWNHb2/v/v37GcP/knk1JZW9OhUuZ68AANaDVf3OP9Hnz59ZwmyxJmVn6V4BwAa09v93GQAA/q8wYwAAIFP+/vcxAAAAFLzHAABApmDGAABApmDGAABApmDGAABApmDGAABApmDGAABApmDGAABApmDGAABApmDGAABApmDGAABApvwDqzSBpYweHZ8AAAAASUVORK5CYII=) --- HTTP POST data: ![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAAjCAIAAADNIk3yAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAIHklEQVR4nO3cb0gTfxwH8LNOXXYjXXOaCmoPrAdiPjArsoiUkJAYlJKwamCEhdEYEvYHkj2YYT7pSfSgwCLoSUj4IAosYoSQ2jjXMBsac5hZzDHtsM1m93tw/MZxd7udbjfN3q9H7rvP3X0+9zn8bF+jNJZlCQAAABVsWusEAABgw8KMAQAAtWDGAACAWjBjAABALZgxAACgFswYAABQyz89Y0pLS0dHR9c6C4hvdHT04sWLMgG/f/9ubm7+/v27whOi9QCp8e/OmI8fP/7582fPnj1rnQjEZzabS0pKZALS09MzMjLa29uVnA2tB0iZdTRjpqamtFqtGsGS+vv7T5w4kcgZFKYxPz/f1dWl5CRTU1M5OTkJprRSSSkhkZPHveLc3JzL5bJYLNF3w+Fwc3Oz4MwWi2VgYEDJyRNvvcK6Vn3fADaMdTRjUiwpM6a4uNjv98vHBINBu92e4IXUsz5L4F+RYZisrKzMzEzuZTgcrq+vj0QigkN0Oh3DMEpOnnjrldw0Yt23HiAF/tYZQ5JkWVnZqg//9u2bx+M5cuRI4plEf/etWrSWBItatcRLSKXZ2dm6urqenp7VHZ6s1v9dNw1grcSfMcPDw4cOHdJqtYWFhSdPnvz06RNBEOFwuKWlRavVFhcX37p1a3l5ORp84MCBLVu25ObmNjY2fv36ldtV6Orqys3N3bFjx8OHDwmCWF5evnbtWl5e3tatWxsbG+fm5qKXu3v3bmlp6fbt28+cOTM/Px8rq8LCwg8fPkRfvnr1Sr4KQUB/f/+xY8fS09NjFSjOULIQ/jaXVqu9c+dOXl5eTk7OuXPnfv36RRDE/Px8SUkJwzBpaWmPHj2STDVaS2Fh4fv37xVWxI9RWEI0T34VSSmBkGq9OEbysRGnJL4iX3Fx8Y0bN+LeHPFd4iSl9fy9sgTvG8DGFn/GNDQ0mM1mn8/37t27mpoajUZDEITNZltcXHS5XC9fvnQ4HPfv3+eCnU7nhQsXZmdn3W53UVFRW1sbQRAMw4yPj7vd7t7e3pqaGoIguru7BwYGBgYGPB5PQUHB2NgYdzjDMDRNDw4ODg0NzczMdHR0cOu5IoIkzWZzbW0tf+pEDQ8P19bWms1m/iJ/t0SyQMkMxYXwMQwzNDQ0MjIyMjLidDq7u7sJgti2bdv4+DhFUaFQyGQyyaeqsCJxUcpLkK8ikRIkWy8Q67ERpCS+4ur8pa0H2FBYWYFAgCTJUCgkWNfr9QzDcD/TNF1dXS0+dmJiIj8/3+v1EgQRCAT4bxkMBqfTKYjnIhcWFriXg4ODO3fu5H6eFhEcyzCM3W7X6XRNTU0ej4db9Hg8TU1NOp3ObrdHs+WCKYriUopVoDhDyUK8Xi9FUdF3fT4ft97X11dVVSWIkUlVLFaYuCjlJUhWoUYJXOvFB0o+NvI3VnySWIv8FbVbL0gvua0H2EjizBiWZU+fPl1ZWWm1Wnt6et6+fcuybCAQIAhC/z+dTmcwGLhgp9NZV1dXUFDArWdnZ4t/FwSDQZIkI5GI4EKCSK/Xm52dvaJiAoGA0WgkSZJ7SZKk0WgMBoOCsL6+vqNHj8oUKJmh/G86r9er0Wii62NjY9F7InmgIFWFFcUqSmEJkskkqwRx6wUHxnps4o6QVcwYtVsvSE+N1gNsDPH3yp4+ffrgwYOKioqlpSWr1Xr58uVQKLRp06aRkRGapmmadrlcNE1zwUaj8fDhww6Hg6bpFy9eyJx28+bNyr9sxd0rIwhicnKyra3N4XDYbDZuxWazORyOS5cuTU5O8iMF/6xIXOAqMlwRcarKwySLWg8lxG29zGOTdH976wE2jhVNJJqmi4qKWJalKEq8D/Pjxw/+pzOapiW/x7AsazAYaJoWLMp8j4m7V9ba2kpRlNVq9fv9/HW/32+xWCiKam1t5VYikYher//y5Yt8geIM436PIXgbJs+fP4+1YRIrVYUVSRalsATJKpJSgmTrxQdKPjZqfI9hVW69zF5Z4q0H2EjizJixsbH6+vo3b974/X6fz3f+/PmGhgaWZVtbW/fv3+92u2dmZrq7u202GxdvMBju3bsXDAY9Ho/RaIw1Y+x2e3V1tcvlmp6e5j7WsYntlZlMJq/XG+tdr9drMpm4nx0OR3l5edwCxRkqmTGnTp2anp52u92VlZWdnZ1cDMMwJElG99/lU1VYEb8o5SWwCmbMqksQt55l2YWFBZIkx8fHud0nycdG8sbyr+jz+fibUYK0oyYmJsQPjEqtF8+YJLYeYCOJM2OWlpY6OzvLysoyMjIMBoPJZJqdnWVZNhQKWSyWoqKirKys48ePRz8bOhyOqqoqjUaTn59vtVpjzZhIJHL16lW9Xq/RaIxGI/exLvG/xyjR3t5+/fr1uAWKM4w7YyiKun37tsFgyM7OPnv27OLiYjSss7MzKyurt7c36eWsqAQ23oxJpARx67n1jo6O6IGSj43kjeVfMRQKaTQawR/JxUc9e/asoqJC5kYlsfXir1lr0nqA9S+NZdm12aRbI7t27Xr8+PG+ffuSe9qpqany8vKfP38m97SptJ5LuHLlitvtfv36dayAcDi8e/fumzdvtrS0xIpB6wFSj1zrBFLt8+fPa50CrFhPT4/8PxDIzMx88uTJwYMHZWLQeoDU+1v/Lxn4p6Snp+/du1c+Rn7AAMCawIwBAAC1/HN/jwEAgJTB9xgAAFALZgwAAKgFMwYAANSCGQMAAGrBjAEAALVgxgAAgFowYwAAQC2YMQAAoBbMGAAAUAtmDAAAqOU/xiA6+lC8GnwAAAAASUVORK5CYII=) --- **Screenshot:** ![spcex.ru vulnerability](/twimages/screen-1190905.jpg) **Mirror:** [Click here to view the mirror](<http://1190905.openbounty.org/mirror/>) ### Coordinated Disclosure Timeline Vulnerability Reported:| 10 June, 2020 10:10 GMT ---|--- Vulnerability Verified:| 10 June, 2020 10:21 GMT Website Operator Notified:| 10 June, 2020 10:21 GMT a. Using the ISO 29147 guidelines| ![](/images/done.png) ---|--- b. Using publicly available security contacts| ![](/images/done.png) c. Using Open Bug Bounty notification framework| ![](/images/done.png) d. Using security contacts provided by the researcher| ![](/images/done.png) Public Report Published [without any technical details]:| 10 June, 2020 10:21 GMT

{"id": "OBB:1190905", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "spcex.ru Cross Site Scripting vulnerability OBB-1190905 ", "description": " \n\n\nFollowing coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: \n\n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; \n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence.\n\nAffected Website:| **[spcex.ru](<http://spcex.ru>) ** \n---|--- \nOpen Bug Bounty Program:| **Create your bounty program now**. It's open and free. \nVulnerable Application:| Custom Code \nVulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\\(XSS\\)>)** / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines \nDiscovered and Reported by:| **xav0 ** \nRemediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** \nExport Vulnerability Data:| Bugzilla Vulnerability Data \nJIRA Vulnerability Data [ Configuration ] \nMantis Vulnerability Data \nSplunk Vulnerability Data \nXML Vulnerability Data [ XSD ] \n \nVulnerable URL:\n\n![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAAjCAIAAADNIk3yAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAG8klEQVR4nO3cX0hTfRgH8OOcNfQMXc5N18Sti7KI6mKYhFpJBI0RZUUR6w8EBsNkDIlaUKsgRStIJLowMG/ySmJXIwShZBe21mpOTcPaxLliW87WmmNz78V5OYzt7Ci+Td3r93O153jO83ue383D+W2YE4/HCQAAgAzgrHUBAADwv4UZAwAAmYIZAwAAmYIZAwAAmYIZAwAAmYIZAwAAmbIuZoxcLv/48WO6MFusSdlZulcAsEGs/Yyx2+2Li4t79+5lDLPFmpSdpXsFABvHEjPG6XTy+XzGPwUCgdbW1nTh8hmNxuPHj6cLs8UKymbZ22XekKV7BQAbx8rfY+bm5h48eJAuXL4NO2MqKiq8Xu8qLwoAsJrW+KxsdnZ2YmLi0KFDjGG2WHHZmzdvXv1FAQBWzbJmzJMnT+RyeXFx8YULFwKBAEEQgUBAJpMFg8GcnJwXL14kho8fP+bz+R0dHWKxWCAQXLp06c+fP+kyG43Go0eP5uXlpYbv3r2rra3l8/lbt249derU2NgYdXbEmDkWi928eVMsFhcUFJw5c8bn81HXFxYWrly5wufzKyoq7ty5E4vFvn79WlBQ8OHDB4IgfD6fQCAYHBxMLIlapbW1taSkpKys7Pnz50lnVk6nUyAQMHbBUuHv37+vXr1aUlJSXl5+9+7dWCyWlDa138QlHA5HcXHx27dv020dAMA6tPSMCQaDNpvNbDYPDw+73e4bN24QBFFYWDg+Pk6SZDgcVqvVieHJkyeDweDw8LDFYrFYLFartb29PV1yloMylUp1+fJll8s1NDRUU1PD4/GoYhgzt7e3DwwMDAwMTExMSCSS0dFR6vq9e/dCodCnT59MJtObN2+ePXsml8v1er1WqyUI4vbt20ql8vDhw6ktj4+Pj4yM9PT01NTULLlFiWWnq7C5udntdlutVpPJZDQanz59mpSEsV9KIBBoaGhoa2urra1Nt3UAAOtRnNW3b98Igpifn6dCs9m8bds2+k8kSSbeSYXUIy6Xi7re39+vUCiozy6XSyaT0Y8Eg0GSJP1+f2ro9/u5XG44HE4thjGzSCSyWq2p9QuFwmAwSH222WxVVVXxeDwSiVRWVhoMBqFQ6PF4GFumq2LstKioiLGLdBVGo1GSJKempqjrRqOxuro6MW26fqkblEqlRqNJ/FPS1gEArE/cJYcQSZL0kY5EIvH7/Us+wuPxysvLqc+VlZUul4t+3Gw207e9fv26qqqKPndKDAUCwenTp6urq+vr6yUSiUKhOHjwYLrMgUDA7/fv2bMnqYyfP396vV6ZTEaFi4uLXC6XIIi8vLyurq4jR450dnaKxWLGlpNOw1gkdcFY4Y8fPyKRiFwup69T04iWrl+CIG7dumUymbq7u1kWBQBYn5aeMX9Rbm5uWVkZHbL/ouzly5fv378fGRlxu906ne7AgQMtLS3syZOuhMNhDodjsVio0UIQBIfz79mgx+PhcDgej+c/dpRa9oox9hsKhfr7+/v6+pqamhoaGgoLC//uogAAmcX+msNyTLTMs7JXr17RJ1qJotGoUCikj4+SwiQ2m00qlbJkFolENpst9UGSJFPP0Obm5kpLS/v6+rZs2TI6Osrecjwen5+f53A49IHh0NAQvQlJZaercMmzsnT9crlcqkKVStXU1LScvQIAWD9W/ttloVAYDocnJycZQ51ONzMz43A4DAaDSqWin1pYWKA+mM3m0tJS+vgoKRwbGzt27Njg4KDP55uenu7q6tq3bx9LZq1W29jYaLfbZ2Zmrl27Rv/+Sq1WazQah8MxOzvb0dFx//59giD0en1dXd3Zs2d1Op1Go0kqLBWfz1coFDqd7vv375OTk9SvHhjLTldhbm7uuXPntFrt9PQ0df38+fOJj6Trl8fj7dy5kyCIhw8fdnd32+32dIsCAKxH7COI/etug8GQn5/f09OTGD569Igkyba2NpFIVFRUdPHixVAolJqtpaVFr9fTqZLCSCRiMBi2b9++adMmkUikVqs9Hg/1OGPmaDR6/fp1oVDI4/FOnDjh9Xqp6+FwWKvVSqXS/Px8pVI5NTVlsVhIkqReNcLhsEwm6+3tTSyM8fXiy5cv9fX1JEnu2rWrs7OT3oSkslkqDAaDjY2NQqFQKpUaDIZoNJq4EEu/dPLm5ua6urrURQEA1q2ceDz+d4eW0+ncvXv3r1+/2G/bsWNHb2/v/v37GcP/knk1JZW9OhUuZ68AANaDVf3OP9Hnz59ZwmyxJmVn6V4BwAa09v93GQAA/q8wYwAAIFP+/vcxAAAAFLzHAABApmDGAABApmDGAABApmDGAABApmDGAABApmDGAABApmDGAABApmDGAABApmDGAABApmDGAABApvwDqzSBpYweHZ8AAAAASUVORK5CYII=) \n--- \n \nHTTP POST data:\n\n![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAAjCAIAAADNIk3yAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAIHklEQVR4nO3cb0gTfxwH8LNOXXYjXXOaCmoPrAdiPjArsoiUkJAYlJKwamCEhdEYEvYHkj2YYT7pSfSgwCLoSUj4IAosYoSQ2jjXMBsac5hZzDHtsM1m93tw/MZxd7udbjfN3q9H7rvP3X0+9zn8bF+jNJZlCQAAABVsWusEAABgw8KMAQAAtWDGAACAWjBjAABALZgxAACgFswYAABQyz89Y0pLS0dHR9c6C4hvdHT04sWLMgG/f/9ubm7+/v27whOi9QCp8e/OmI8fP/7582fPnj1rnQjEZzabS0pKZALS09MzMjLa29uVnA2tB0iZdTRjpqamtFqtGsGS+vv7T5w4kcgZFKYxPz/f1dWl5CRTU1M5OTkJprRSSSkhkZPHveLc3JzL5bJYLNF3w+Fwc3Oz4MwWi2VgYEDJyRNvvcK6Vn3fADaMdTRjUiwpM6a4uNjv98vHBINBu92e4IXUsz5L4F+RYZisrKzMzEzuZTgcrq+vj0QigkN0Oh3DMEpOnnjrldw0Yt23HiAF/tYZQ5JkWVnZqg//9u2bx+M5cuRI4plEf/etWrSWBItatcRLSKXZ2dm6urqenp7VHZ6s1v9dNw1grcSfMcPDw4cOHdJqtYWFhSdPnvz06RNBEOFwuKWlRavVFhcX37p1a3l5ORp84MCBLVu25ObmNjY2fv36ldtV6Orqys3N3bFjx8OHDwmCWF5evnbtWl5e3tatWxsbG+fm5qKXu3v3bmlp6fbt28+cOTM/Px8rq8LCwg8fPkRfvnr1Sr4KQUB/f/+xY8fS09NjFSjOULIQ/jaXVqu9c+dOXl5eTk7OuXPnfv36RRDE/Px8SUkJwzBpaWmPHj2STDVaS2Fh4fv37xVWxI9RWEI0T34VSSmBkGq9OEbysRGnJL4iX3Fx8Y0bN+LeHPFd4iSl9fy9sgTvG8DGFn/GNDQ0mM1mn8/37t27mpoajUZDEITNZltcXHS5XC9fvnQ4HPfv3+eCnU7nhQsXZmdn3W53UVFRW1sbQRAMw4yPj7vd7t7e3pqaGoIguru7BwYGBgYGPB5PQUHB2NgYdzjDMDRNDw4ODg0NzczMdHR0cOu5IoIkzWZzbW0tf+pEDQ8P19bWms1m/iJ/t0SyQMkMxYXwMQwzNDQ0MjIyMjLidDq7u7sJgti2bdv4+DhFUaFQyGQyyaeqsCJxUcpLkK8ikRIkWy8Q67ERpCS+4ur8pa0H2FBYWYFAgCTJUCgkWNfr9QzDcD/TNF1dXS0+dmJiIj8/3+v1EgQRCAT4bxkMBqfTKYjnIhcWFriXg4ODO3fu5H6eFhEcyzCM3W7X6XRNTU0ej4db9Hg8TU1NOp3ObrdHs+WCKYriUopVoDhDyUK8Xi9FUdF3fT4ft97X11dVVSWIkUlVLFaYuCjlJUhWoUYJXOvFB0o+NvI3VnySWIv8FbVbL0gvua0H2EjizBiWZU+fPl1ZWWm1Wnt6et6+fcuybCAQIAhC/z+dTmcwGLhgp9NZV1dXUFDArWdnZ4t/FwSDQZIkI5GI4EKCSK/Xm52dvaJiAoGA0WgkSZJ7SZKk0WgMBoOCsL6+vqNHj8oUKJmh/G86r9er0Wii62NjY9F7InmgIFWFFcUqSmEJkskkqwRx6wUHxnps4o6QVcwYtVsvSE+N1gNsDPH3yp4+ffrgwYOKioqlpSWr1Xr58uVQKLRp06aRkRGapmmadrlcNE1zwUaj8fDhww6Hg6bpFy9eyJx28+bNyr9sxd0rIwhicnKyra3N4XDYbDZuxWazORyOS5cuTU5O8iMF/6xIXOAqMlwRcarKwySLWg8lxG29zGOTdH976wE2jhVNJJqmi4qKWJalKEq8D/Pjxw/+pzOapiW/x7AsazAYaJoWLMp8j4m7V9ba2kpRlNVq9fv9/HW/32+xWCiKam1t5VYikYher//y5Yt8geIM436PIXgbJs+fP4+1YRIrVYUVSRalsATJKpJSgmTrxQdKPjZqfI9hVW69zF5Z4q0H2EjizJixsbH6+vo3b974/X6fz3f+/PmGhgaWZVtbW/fv3+92u2dmZrq7u202GxdvMBju3bsXDAY9Ho/RaIw1Y+x2e3V1tcvlmp6e5j7WsYntlZlMJq/XG+tdr9drMpm4nx0OR3l5edwCxRkqmTGnTp2anp52u92VlZWdnZ1cDMMwJElG99/lU1VYEb8o5SWwCmbMqksQt55l2YWFBZIkx8fHud0nycdG8sbyr+jz+fibUYK0oyYmJsQPjEqtF8+YJLYeYCOJM2OWlpY6OzvLysoyMjIMBoPJZJqdnWVZNhQKWSyWoqKirKys48ePRz8bOhyOqqoqjUaTn59vtVpjzZhIJHL16lW9Xq/RaIxGI/exLvG/xyjR3t5+/fr1uAWKM4w7YyiKun37tsFgyM7OPnv27OLiYjSss7MzKyurt7c36eWsqAQ23oxJpARx67n1jo6O6IGSj43kjeVfMRQKaTQawR/JxUc9e/asoqJC5kYlsfXir1lr0nqA9S+NZdm12aRbI7t27Xr8+PG+ffuSe9qpqany8vKfP38m97SptJ5LuHLlitvtfv36dayAcDi8e/fumzdvtrS0xIpB6wFSj1zrBFLt8+fPa50CrFhPT4/8PxDIzMx88uTJwYMHZWLQeoDU+1v/Lxn4p6Snp+/du1c+Rn7AAMCawIwBAAC1/HN/jwEAgJTB9xgAAFALZgwAAKgFMwYAANSCGQMAAGrBjAEAALVgxgAAgFowYwAAQC2YMQAAoBbMGAAAUAtmDAAAqOU/xiA6+lC8GnwAAAAASUVORK5CYII=) \n--- \n \n**Screenshot:** ![spcex.ru vulnerability](/twimages/screen-1190905.jpg)\n\n**Mirror:** [Click here to view the mirror](<http://1190905.openbounty.org/mirror/>)\n\n### Coordinated Disclosure Timeline\n\nVulnerability Reported:| 10 June, 2020 10:10 GMT \n---|--- \nVulnerability Verified:| 10 June, 2020 10:21 GMT \nWebsite Operator Notified:| 10 June, 2020 10:21 GMT \na. Using the ISO 29147 guidelines| ![](/images/done.png) \n---|--- \nb. Using publicly available security contacts| ![](/images/done.png) \nc. Using Open Bug Bounty notification framework| ![](/images/done.png) \nd. Using security contacts provided by the researcher| ![](/images/done.png) \nPublic Report Published \n[without any technical details]:| 10 June, 2020 10:21 GMT\n", "published": "2020-06-10T10:10:00", "modified": "2020-09-08T10:10:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/1190905/", "reporter": "xav0", "references": [], "cvelist": [], "lastseen": "2020-09-12T08:06:19", "viewCount": 4, "enchantments": {"dependencies": {}, "score": {"value": -0.1, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.1}, "openbugbounty": {"patchStatus": "unpatched", "mirror": "http://1190905.openbounty.org/mirror/"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645777257, "score": 1659818015, "epss": 1678895942}, "_internal": {"score_hash": "a045faac548ab4130c3d456d957f4c1d"}}