Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
|---|---|
| Affected Website | entone.com |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | xav0 |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL: [shown only as an image on the original page; not reproduced here]
HTTP POST data: [shown only as an image on the original page; not reproduced here]
Screenshot: ![entone.com vulnerability](/twimages/screen-1190921.jpg)
Coordinated Disclosure Timeline

| Event | Date |
|---|---|
| Vulnerability Reported | 10 June, 2020 10:11 GMT |
| Vulnerability Verified | 10 June, 2020 10:23 GMT |
| Website Operator Notified | 10 June, 2020 10:23 GMT |
| Public Report Published (without any technical details) | 10 June, 2020 10:23 GMT |
| Vulnerability Fixed | 1 July, 2020 14:40 GMT |

Website operator notification channels (each marked as done on the original page):
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher