Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
|---|---|
| Affected Website | hirdavatfirsati.com |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | xav0 |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL:
Screenshot: ![hirdavatfirsati.com vulnerability](/twimages/screen-1192409.jpg)
Coordinated Disclosure Timeline

| Event | Date |
|---|---|
| Vulnerability Reported | 11 June, 2020 13:09 GMT |
| Vulnerability Verified | 11 June, 2020 13:24 GMT |
| Website Operator Notified | 11 June, 2020 13:24 GMT |
| Public Report Published (without any technical details) | 11 June, 2020 13:24 GMT |

Website operator notification methods (all completed):
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher