
joebiggsphotography.com Cross Site Scripting vulnerability OBB-1193363

Description

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| | |
|---|---|
| Affected Website: | **[joebiggsphotography.com](<http://joebiggsphotography.com>)** |
| Open Bug Bounty Program: | **Create your bounty program now**. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **Tanzil** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Vulnerable URL: | [image] |

**Screenshot:** ![joebiggsphotography.com vulnerability](/twimages/screen-1193363.jpg)

**Mirror:** [Click here to view the mirror](<http://1193363.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| | |
|---|---|
| Vulnerability Reported: | 12 June, 2020 00:20 GMT |
| Vulnerability Verified: | 12 June, 2020 00:30 GMT |
| Website Operator Notified: | 12 June, 2020 00:30 GMT |

Notification channels used:

| | |
|---|---|
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |

| | |
|---|---|
| Public Report Published [without any technical details]: | 12 June, 2020 00:30 GMT |
| Vulnerability Fixed: | 16 July, 2020 16:30 GMT |