Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: seanwilson.org
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: Tanzil
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Coordinated Disclosure Timeline
Vulnerability Reported: 10 June, 2020 15:28 GMT
Vulnerability Verified: 10 June, 2020 15:43 GMT
Website Operator Notified: 10 June, 2020 15:43 GMT
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher
Public Report Published [without any technical details]: 10 June, 2020 15:43 GMT
Vulnerability Fixed: 5 July, 2020 17:43 GMT