Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
|---|---|
| Affected Website | njfamily.com |
| Open Bug Bounty Program | none listed (the page shows the site's "Create your bounty program" call to action) |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 (Medium), CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | xav0 |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
| Export Vulnerability Data | Bugzilla, JIRA (configurable), Mantis, Splunk, XML (XSD available) |

The CVSS vector is the standard one for reflected cross-site scripting: reachable over the network (AV:N), no special conditions (AC:L), no privileges needed (PR:N), but the victim has to open a crafted link (UI:R); the scope is changed (S:C) because the injected script runs in the victim's browser rather than on the vulnerable server, with low confidentiality and integrity impact (C:L/I:L) and no availability impact (A:N).
Vulnerable URL: shown only as an image on the original page (not reproduced here).
Screenshot: ![njfamily.com vulnerability](/twimages/screen-1195785.jpg)
Mirror: a mirror of the vulnerable page is linked from the original report.
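As an added example (not code from the report, the researcher, or njfamily.com, whose affected code is not published here), the following JavaScript shows the remediation the OWASP XSS Prevention Cheat Sheet prescribes for a reflected-XSS finding like this one: context-aware output encoding of the reflected parameter. The `q` parameter, the page template, the payloads and the strip-once blacklist filter are all constructed for the demonstration; nothing is known about the site's actual code.

```javascript
// Added example: context-aware output encoding as the fix for reflected XSS
// (CWE-79), following the rules in the OWASP XSS Prevention Cheat Sheet.
// This is illustrative code, NOT the code of njfamily.com or Open Bug Bounty;
// the "q" parameter, the page template and the payloads are all constructed.

// Rule #1: HTML element content. Escape the six characters that can break
// out of text context (mapping as given in the OWASP cheat sheet).
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
};
function encodeForHtml(s) {
  return String(s).replace(/[&<>"'\/]/g, (c) => HTML_ENTITIES[c]);
}

// Rule #2: HTML attribute values. Encode every non-alphanumeric code point
// as &#xHH; so the value cannot terminate the attribute even if the
// template left it unquoted.
function encodeForHtmlAttribute(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu,
    (ch) => '&#x' + ch.codePointAt(0).toString(16).toUpperCase() + ';');
}

// Rule #3: JavaScript string literals. Use \xHH / \uHHHH escapes; merely
// backslash-escaping quotes is bypassable (e.g. with </script>).
function encodeForJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu, (ch) => {
    const cp = ch.codePointAt(0);
    if (cp < 0x100) return '\\x' + cp.toString(16).toUpperCase().padStart(2, '0');
    if (cp < 0x10000) return '\\u' + cp.toString(16).toUpperCase().padStart(4, '0');
    return '\\u{' + cp.toString(16).toUpperCase() + '}';
  });
}

// A blacklist filter of the kind often mistaken for a fix. Shown only to
// demonstrate the bypass below; do not use it.
function stripScriptTags(s) {
  return String(s).replace(/<script>/gi, '');
}

// Constructed reflected-search page. The vulnerable version concatenates the
// query into two different contexts: element content and attribute value.
function renderVulnerable(q) {
  return `<p>Results for ${q}</p>\n<input name="q" value="${q}">`;
}

// Hardened version: encode per context, each with the matching rule.
function renderSafe(q) {
  return `<p>Results for ${encodeForHtml(q)}</p>\n` +
         `<input name="q" value="${encodeForHtmlAttribute(q)}">`;
}

// Constructed payload: closes the attribute, then injects a script element.
const PAYLOAD = '"><script>alert(document.domain)</script>';

// Constructed nested-tag bypass of the strip-once filter: removing the inner
// <script> reassembles the outer one.
const NESTED = '<scr<script>ipt>alert(1)</script>';

function demo() {
  return {
    vulnerable: renderVulnerable(PAYLOAD),  // raw <script> reaches the browser
    safe: renderSafe(PAYLOAD),              // only &lt;script&gt; text remains
    filtered: stripScriptTags(NESTED),      // blacklist leaves <script> behind
    encoded: encodeForHtml(NESTED),         // no raw '<' survives encoding
  };
}
```

The point of the three encoders is that the same untrusted value needs a different transformation depending on where the template places it; a single global "sanitize" pass, and in particular a strip-based filter, does not close a CWE-79 finding.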
Coordinated Disclosure Timeline

| Event | Time (GMT) |
|---|---|
| Vulnerability Reported | 13 June, 2020 11:47 |
| Vulnerability Verified | 13 June, 2020 11:54 |
| Website Operator Notified | 13 June, 2020 11:54 |
| Public Report Published (without any technical details) | 13 June, 2020 11:54 |

Notification channels used to reach the website operator (all marked as done on the original page):
      a. the ISO 29147 guidelines;
      b. publicly available security contacts;
      c. the Open Bug Bounty notification framework;
      d. security contacts provided by the researcher.