
standaviet.vn Cross Site Scripting vulnerability OBB-1192676

Description

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website | **[standaviet.vn](<http://standaviet.vn>)** |
| Vulnerable Application | Custom Code |
| Vulnerability Type | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by | **xav0** |
| Remediation Guide | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Vulnerable URL | (provided on the original page as an image only) |

**Screenshot:** ![standaviet.vn vulnerability](/twimages/screen-1192676.jpg)

**Mirror:** [Click here to view the mirror](<http://1192676.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Event | Time |
|---|---|
| Vulnerability Reported | 11 June, 2020 14:51 GMT |
| Vulnerability Verified | 11 June, 2020 14:59 GMT |
| Website Operator Notified | 11 June, 2020 14:59 GMT |
| Public Report Published [without any technical details] | 11 June, 2020 14:59 GMT |
| Vulnerability Fixed | 10 September, 2020 06:43 GMT |

Notification channels used to reach the website operator:

| Channel | Status |
|---|---|
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |