Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
|---|---|
| Affected Website | gleason.com |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | badmaxx |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL: not shown as text on the original report page (rendered as an image only)
Screenshot: ![gleason.com vulnerability](/twimages/screen-1191567.jpg)
Mirror: linked from the original report page
Coordinated Disclosure Timeline

| Event | Time / Status |
|---|---|
| Vulnerability Reported | 10 June, 2020 14:19 GMT |
| Vulnerability Verified | 10 June, 2020 14:33 GMT |
| Website Operator Notified | 10 June, 2020 14:33 GMT |
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |
| Public Report Published [without any technical details] | 10 June, 2020 14:33 GMT |
| Additional notification email sent | 5 August, 2020 05:47 GMT |