Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: truetronix.tarad.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: Tanzil
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Screenshot: ![truetronix.tarad.com vulnerability](/twimages/screen-1194711.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 12 June, 2020 17:22 GMT
Vulnerability Verified: 12 June, 2020 17:38 GMT
Website Operator Notified: 12 June, 2020 17:38 GMT
      a. Using the ISO 29147 guidelines ![done](/images/done.png)
      b. Using publicly available security contacts ![done](/images/done.png)
      c. Using Open Bug Bounty notification framework ![done](/images/done.png)
      d. Using security contacts provided by the researcher ![done](/images/done.png)
Public Report Published [without any technical details]: 12 June, 2020 17:38 GMT
Additional notification email sent: 12 June, 2020 19:42 GMT
Vulnerability Fixed: 18 July, 2020 16:34 GMT