Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
|---|---|
| Affected Website | napoleongames.jobs |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | MeneerKrabs |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL: (shown only as an image on the original page; not reproduced here)
Screenshot: ![napoleongames.jobs vulnerability](/twimages/screen-1201070.jpg)
Coordinated Disclosure Timeline

| Event | Date |
|---|---|
| Vulnerability Reported | 18 June, 2020 23:10 GMT |
| Vulnerability Verified | 18 June, 2020 23:21 GMT |
| Website Operator Notified | 18 June, 2020 23:21 GMT |
| Public Report Published (without any technical details) | 18 June, 2020 23:21 GMT |
| Vulnerability Fixed | 25 July, 2020 02:51 GMT |

Website operator notification channels (all marked as completed):
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher