
ooptuao.ru Cross Site Scripting vulnerability OBB-1205663

Description

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[ooptuao.ru](<http://www.ooptuao.ru>)**
---|---
Open Bug Bounty Program:| **Create your bounty program now**. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **ELProfesor**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**
Vulnerable URL:| [image]

**Mirror:** [Click here to view the mirror](<http://1205663.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 24 June, 2020 14:30 GMT
---|---
Vulnerability Verified:| 24 June, 2020 14:40 GMT
Website Operator Notified:| 24 June, 2020 14:40 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 24 June, 2020 14:40 GMT
Vulnerability Fixed:| 3 August, 2020 20:02 GMT