Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: risquesnaturels.re
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: xav0
Remediation Guide: OWASP XSS Prevention Cheat Sheet
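The report classifies the issue as CWE-79 in custom code, reached through HTTP POST data, and points at the OWASP XSS Prevention Cheat Sheet for the fix without showing what the fix looks like. The following is an illustrative example added by the editor; it is not code from risquesnaturels.re, Open Bug Bounty, or the researcher, and it does not reproduce the report's redacted URL or POST data. It assumes a hypothetical POST parameter named q that a handler reflects into an HTML page, and uses a constructed payload. It shows the vulnerable reflection next to the contextual output encoding the cheat sheet prescribes (entity encoding for HTML body and quoted attributes, \xHH escaping for a quoted JavaScript string).

```python
"""Illustrative CWE-79 remediation example (added by the editor; not code from
the affected site, Open Bug Bounty, or the researcher). Parameter name 'q',
the page template, and the payload are assumptions, not the report's data."""
import html

# Constructed sample payload, not the report's redacted POST data.
PAYLOAD = '"><script>alert(1)</script>'


def render_vulnerable(q: str) -> str:
    # The CWE-79 pattern: the raw request parameter is concatenated into
    # an HTML body context and a quoted attribute context unencoded, so a
    # value like PAYLOAD breaks out of the attribute and injects a script.
    return f'<p>Results for: {q}</p><input value="{q}">'


def encode_html(s: str) -> str:
    # OWASP XSS Prevention Cheat Sheet rules #1 and #2: entity-encode
    # & < > " ' before inserting untrusted data into HTML element content
    # or a quoted attribute value. html.escape(quote=True) covers exactly
    # that set.
    return html.escape(s, quote=True)


def encode_js_string(s: str) -> str:
    # Rule #3: inside a quoted JavaScript string, escape every character
    # that is not ASCII alphanumeric as \xHH (or \uHHHH above 0xFF).
    # HTML entity encoding is the wrong tool here because entities are not
    # decoded inside <script>, while a literal </script> would still close
    # the block.
    out = []
    for c in s:
        code = ord(c)
        if c.isalnum() and code < 128:
            out.append(c)
        elif code < 256:
            out.append("\\x%02x" % code)
        else:
            out.append("\\u%04x" % code)
    return "".join(out)


def render_hardened(q: str) -> str:
    # Same page, with the encoder chosen per output context.
    h = encode_html(q)
    j = encode_js_string(q)
    return (f'<p>Results for: {h}</p><input value="{h}">'
            f'<script>var q = "{j}";</script>')


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(PAYLOAD))
    print("hardened:  ", render_hardened(PAYLOAD))
```

The hardened rendering turns the payload into `&quot;&gt;&lt;script&gt;alert(1)&lt;/script&gt;` in the HTML contexts and `\x22\x3e\x3cscript\x3ealert\x281\x29\x3c\x2fscript\x3e` in the script context, so the browser displays it as text instead of executing it. In practice the encoding should come from the templating framework's auto-escaping rather than hand-written helpers like these, and a Content-Security-Policy header that disallows inline scripts is a worthwhile second layer for reflected XSS of this kind.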
Vulnerable URL: provided as an image in the original report (not reproduced here)
HTTP POST data: provided as an image in the original report (not reproduced here)
Screenshot: ![risquesnaturels.re vulnerability](/twimages/screen-1192930.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 11 June, 2020 15:31 GMT
Vulnerability Verified: 11 June, 2020 15:44 GMT
Website Operator Notified: 11 June, 2020 15:44 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 11 June, 2020 15:44 GMT