
# rabota-na-computere.ru Cross Site Scripting vulnerability OBB-1208390

### Description

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| | |
|---|---|
| Affected Website: | **[rabota-na-computere.ru](<http://rabota-na-computere.ru>)** |
| Open Bug Bounty Program: | **Create your bounty program now**. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **geeknik** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Export Vulnerability Data: | Bugzilla, JIRA [Configuration], Mantis, Splunk, XML [XSD] |
| Vulnerable URL: | *(shown on the original page only as an image)* |

**Screenshot:** ![rabota-na-computere.ru vulnerability](/twimages/screen-1208390.jpg)

**Mirror:** [Click here to view the mirror](<http://1208390.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| | |
|---|---|
| Vulnerability Reported: | 27 June, 2020 15:08 GMT |
| Vulnerability Verified: | 27 June, 2020 15:14 GMT |
| Website Operator Notified: | 27 June, 2020 15:14 GMT |
| a. Using the ISO 29147 guidelines | Done |
| b. Using publicly available security contacts | Done |
| c. Using Open Bug Bounty notification framework | Done |
| d. Using security contacts provided by the researcher | Done |
| Public Report Published [without any technical details]: | 27 June, 2020 15:14 GMT |
| Vulnerability Fixed: | 2 August, 2020 14:41 GMT |