Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
|---|---|
| Affected Website | reime-noris.de |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | badmaxx |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
| Export Vulnerability Data | Bugzilla, JIRA, Mantis, Splunk, XML |
Vulnerable URL: (rendered as an image on the original page; not recoverable as text)
Screenshot: ![reime-noris.de vulnerability](/twimages/screen-1193207.jpg)
Coordinated Disclosure Timeline

| Event | Time |
|---|---|
| Vulnerability Reported | 11 June, 2020 21:10 GMT |
| Vulnerability Verified | 11 June, 2020 21:19 GMT |
| Website Operator Notified | 11 June, 2020 21:19 GMT |
| Public Report Published (without any technical details) | 11 June, 2020 21:19 GMT |
| Additional notification email sent | 5 August, 2020 06:11 GMT |
| Vulnerability Fixed | 10 September, 2020 15:38 GMT |

Notification channels used for the website operator (all marked as done on the original page):
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher