Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
| --- | --- |
| Affected Website | readymap.kz |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | Teamhash |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL: (shown only as an image on the original page; not reproduced here)
Coordinated Disclosure Timeline

| Event | Date |
| --- | --- |
| Vulnerability Reported | 12 June, 2020 12:39 GMT |
| Vulnerability Verified | 12 June, 2020 12:54 GMT |
| Website Operator Notified | 12 June, 2020 12:54 GMT |
| Public Report Published (without any technical details) | 12 June, 2020 12:54 GMT |
| Vulnerability Fixed | 12 July, 2020 15:42 GMT |

Website operator notification channels (each marked as done on the original page):
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher