Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
| --- | --- |
| Affected Website | serfides.org |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | KhanJanny |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL: [rendered as an image on the original page; not recoverable as text]
Screenshot: ![serfides.org vulnerability](/twimages/screen-1208957.jpg)
Coordinated Disclosure Timeline

| Event | Date |
| --- | --- |
| Vulnerability Reported | 28 June, 2020 07:43 GMT |
| Vulnerability Verified | 28 June, 2020 07:55 GMT |
| Website Operator Notified | 28 June, 2020 07:55 GMT |
| Public Report Published [without any technical details] | 28 June, 2020 07:55 GMT |
| Vulnerability Fixed | 27 July, 2020 15:37 GMT |

Website operator notification channels used (all marked as done):
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher