Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: austcham.com.hk
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: rahul83636534
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Coordinated Disclosure Timeline
Vulnerability Reported: 13 June, 2020 16:14 GMT
Vulnerability Verified: 13 June, 2020 16:27 GMT
Website Operator Notified: 13 June, 2020 16:27 GMT
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher
Public Report Published [without any technical details]: 13 June, 2020 16:27 GMT
Vulnerability Fixed: 19 June, 2020 06:26 GMT