lasclev.org Cross Site Scripting vulnerability OBB-1193775

Description

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;

b. notified the website operator about its existence.

Affected Website:| **[lasclev.org](<https://lasclev.org>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **xav0**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**

**Screenshot:** ![lasclev.org vulnerability](/twimages/screen-1193775.jpg)

**Mirror:** [Click here to view the mirror](<http://1193775.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 12 June, 2020 09:59 GMT
---|---
Vulnerability Verified:| 12 June, 2020 10:09 GMT
Website Operator Notified:| 12 June, 2020 10:09 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 12 June, 2020 10:09 GMT