
scodal.com Cross Site Scripting vulnerability OBB-1193920

Description

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website | **[scodal.com](<https://www.scodal.com>)** |
| Vulnerable Application | Custom Code |
| Vulnerability Type | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score | 6.1 (Medium) [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by | **xav0** |
| Remediation Guide | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Vulnerable URL | rendered only as an image on the original page; not included in the public report text |

**Screenshot:** ![scodal.com vulnerability](/twimages/screen-1193920.jpg)

**Mirror:** [Click here to view the mirror](<http://1193920.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Event | Time |
|---|---|
| Vulnerability Reported | 12 June, 2020 10:28 GMT |
| Vulnerability Verified | 12 June, 2020 10:40 GMT |
| Website Operator Notified | 12 June, 2020 10:40 GMT |
| Public Report Published (without any technical details) | 12 June, 2020 10:40 GMT |

Operator notification channels used (all completed):

a. the ISO 29147 guidelines;
b. publicly available security contacts;
c. the Open Bug Bounty notification framework;
d. security contacts provided by the researcher.