
rosvacuum.com Cross Site Scripting vulnerability OBB-1196626

Description

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Affected Website: | **[rosvacuum.com](<http://rosvacuum.com>)** |
|---|---|
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **geeknik** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |

**Screenshot:** ![rosvacuum.com vulnerability](/twimages/screen-1196626.jpg)

**Mirror:** [Click here to view the mirror](<http://1196626.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Vulnerability Reported: | 14 June, 2020 12:54 GMT |
|---|---|
| Vulnerability Verified: | 14 June, 2020 13:10 GMT |
| Website Operator Notified: | 14 June, 2020 13:10 GMT |

Operator notification channels used (all marked as done):

a. Using the ISO 29147 guidelines
b. Using publicly available security contacts
c. Using Open Bug Bounty notification framework
d. Using security contacts provided by the researcher

| Public Report Published [without any technical details]: | 14 June, 2020 13:10 GMT |
|---|---|
| Vulnerability Fixed: | 16 July, 2020 17:47 GMT |