Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.
| Field | Value |
| --- | --- |
| Affected Website | grantlawoffice.com |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | xav0 |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL: (shown only as an image on the original page; not reproduced here)

Screenshot: ![grantlawoffice.com vulnerability](/twimages/screen-1193136.jpg)
Coordinated Disclosure Timeline

| Event | Date |
| --- | --- |
| Vulnerability Reported | 11 June, 2020 17:23 GMT |
| Vulnerability Verified | 11 June, 2020 17:37 GMT |
| Website Operator Notified | 11 June, 2020 17:37 GMT |
| Public Report Published (without any technical details) | 11 June, 2020 17:37 GMT |

Website operator notification channels (each marked as done on the original page):

a. Using the ISO 29147 guidelines
b. Using publicly available security contacts
c. Using the Open Bug Bounty notification framework
d. Using security contacts provided by the researcher