
# gettyimages.ru Cross Site Scripting vulnerability OBB-1196008

### Description

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](https://www.iso.org/standard/45170.html)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[gettyimages.ru](http://www.gettyimages.ru)**
---|---
Open Bug Bounty Program:| **Create your bounty program now**. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\))** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](https://www.iso.org/standard/45170.html)** guidelines
Discovered and Reported by:| **H_chabik**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md)**
Export Vulnerability Data:| Bugzilla Vulnerability Data / JIRA Vulnerability Data [ Configuration ] / Mantis Vulnerability Data / Splunk Vulnerability Data / XML Vulnerability Data [ XSD ]
Vulnerable URL:| (provided only as an image on the original page)

**Mirror:** [Click here to view the mirror](http://1196008.openbounty.org/mirror/)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 13 June, 2020 13:54 GMT
---|---
Vulnerability Verified:| 15 June, 2020 08:47 GMT
Website Operator Notified:| 15 June, 2020 08:47 GMT

a. Using the ISO 29147 guidelines| done
---|---
b. Using publicly available security contacts| done
c. Using Open Bug Bounty notification framework| done
d. Using security contacts provided by the researcher| done

Public Report Published [without any technical details]:| 15 June, 2020 08:47 GMT
---|---