Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: indianbackpackers.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: xav0
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Screenshot: ![indianbackpackers.com vulnerability](/twimages/screen-1205380.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 24 June, 2020 09:31 GMT
Vulnerability Verified: 24 June, 2020 09:40 GMT
Website Operator Notified: 24 June, 2020 09:40 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 24 June, 2020 09:40 GMT
Vulnerability Fixed: 4 August, 2020 20:10 GMT