Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: aardoomendejong.nl
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: MeneerKrabs
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Screenshot: ![aardoomendejong.nl vulnerability](/twimages/screen-1200990.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 18 June, 2020 21:15 GMT
Vulnerability Verified: 18 June, 2020 21:26 GMT
Website Operator Notified: 18 June, 2020 21:26 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 18 June, 2020 21:26 GMT
Vulnerability Fixed: 24 July, 2020 23:43 GMT