
localsolicitors.com Cross Site Scripting vulnerability OBB-1195931

### Description

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website: | **[localsolicitors.com](<https://www.localsolicitors.com>)** |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **xav0** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Vulnerable URL: | not reproduced here (the original page shows it only as an image) |
| HTTP POST data: | not reproduced here (the original page shows it only as an image) |

**Screenshot:** ![localsolicitors.com vulnerability](/twimages/screen-1195931.jpg)

**Mirror:** [Click here to view the mirror](<http://1195931.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Event | Date / Status |
|---|---|
| Vulnerability Reported: | 13 June, 2020 12:22 GMT |
| Vulnerability Verified: | 13 June, 2020 12:38 GMT |
| Website Operator Notified: | 13 June, 2020 12:38 GMT |
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |
| Public Report Published [without any technical details]: | 13 June, 2020 12:38 GMT |