Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: fct.tarad.com
Open Bug Bounty Program: none listed for this site
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] (network-reachable, no privileges needed, victim interaction required, scope changed because the injected script runs in the victim's browser under the site's origin, low confidentiality and integrity impact; the standard vector for a reflected XSS)
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: Tanzil
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Export Vulnerability Data: Bugzilla, JIRA, Mantis, Splunk and XML (with XSD) formats are offered on the original report page
Vulnerable URL: shown on the original report page only as an embedded image (not reproduced here)
Screenshot and mirror: available on the original report page
Coordinated Disclosure Timeline
Vulnerability Reported: 12 June, 2020 16:01 GMT
Vulnerability Verified: 12 June, 2020 16:17 GMT
Website Operator Notified: 12 June, 2020 16:17 GMT, via:
      a. the ISO 29147 guidelines
      b. publicly available security contacts
      c. the Open Bug Bounty notification framework
      d. security contacts provided by the researcher
Public Report Published [without any technical details]: 12 June, 2020 16:17 GMT
Vulnerability Fixed: 10 July, 2020 15:41 GMT
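The report withholds technical details, so the only remediation guidance it gives is the pointer to the OWASP XSS Prevention Cheat Sheet. The following is an added illustration of what that guide prescribes for a CWE-79 reflected XSS in custom server code; it is not code from fct.tarad.com, from the researcher, or from Open Bug Bounty. The parameter name `q`, the page fragment, and the payloads are assumptions constructed for the example.

```javascript
// Added example: context-aware output encoding for a reflected XSS (CWE-79),
// following the OWASP XSS Prevention Cheat Sheet rules. Not code from the
// affected site or from Open Bug Bounty; the parameter "q", the page fragment
// and the payloads below are assumptions made for illustration.

// Rule 1: HTML body context. Entity-encode the characters that can open or
// close markup or delimit an attribute value.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

function encodeForHtml(input) {
  return String(input).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Rule 2: HTML attribute context (the value is always placed inside double
// quotes). Every non-alphanumeric character with a code point below 256 is
// emitted as &#xHH;, so neither quotes nor spaces can close the attribute or
// start a new one. Characters at or above 256 are left untouched.
function encodeForHtmlAttribute(input) {
  return String(input).replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 256 ? `&#x${code.toString(16).toUpperCase()};` : c;
  });
}

// The pattern behind a reflected XSS: the request parameter is concatenated
// straight into the response. Deliberately vulnerable, kept for comparison.
function renderVulnerable(q) {
  return `<p>Results for ${q}</p>\n<input name="q" value="${q}">`;
}

// Hardened version of the same fragment: each interpolation is encoded for
// the context it lands in (body text vs. quoted attribute value).
function renderHardened(q) {
  return `<p>Results for ${encodeForHtml(q)}</p>\n` +
         `<input name="q" value="${encodeForHtmlAttribute(q)}">`;
}

// Demonstration check, not a scanner: the template itself owns exactly three
// '<' characters (<p>, </p>, <input) and four '"' characters (name="q"
// value="..."). Any extra one in the rendered output came from the input.
const TEMPLATE_ANGLE_BRACKETS = 3;
const TEMPLATE_QUOTES = 4;

function reflectsRawMarkup(html) {
  const angles = (html.match(/</g) || []).length;
  const quotes = (html.match(/"/g) || []).length;
  return angles > TEMPLATE_ANGLE_BRACKETS || quotes > TEMPLATE_QUOTES;
}

// Constructed payloads covering the two contexts the fragment exposes.
const PAYLOADS = [
  '<script>alert(document.domain)</script>', // body-context breakout
  '"><img src=x onerror=alert(1)>',          // closes the attribute and the tag
  '" autofocus onfocus="alert(1)',           // stays inside the tag, adds a handler
];

for (const p of PAYLOADS) {
  console.log(`payload: ${p}`);
  console.log(`  vulnerable reflects raw markup: ${reflectsRawMarkup(renderVulnerable(p))}`);
  console.log(`  hardened reflects raw markup:   ${reflectsRawMarkup(renderHardened(p))}`);
}
```

The two encoders cover only the HTML body and quoted-attribute contexts shown here; the cheat sheet has separate rules for JavaScript, CSS and URL contexts, and an unquoted attribute cannot be made safe by encoding at all. In production the same effect is normally obtained from a templating engine with contextual auto-escaping rather than hand-written encoders, and the quote-counting check above is only a way to make the difference between the two renderers visible in this example.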