Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Affected Website: | aecknowledge.com |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by: | xav0 |
| Remediation Guide: | OWASP XSS Prevention Cheat Sheet |
Coordinated Disclosure Timeline
| Vulnerability Reported: | 12 June, 2020 09:21 GMT |
| Vulnerability Verified: | 12 June, 2020 09:36 GMT |
| Website Operator Notified: | 12 June, 2020 09:36 GMT |
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |
| Public Report Published [without any technical details]: | 12 June, 2020 09:36 GMT |