Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.
| Field | Value |
|---|---|
| Affected Website | cattedrarosmini.org |
| Open Bug Bounty Program | Create your bounty program now. It's open and free. |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | Tanzil |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL:
Screenshot: ![cattedrarosmini.org vulnerability](/twimages/screen-1212184.jpg)
Coordinated Disclosure Timeline
| Event | Time / Status |
|---|---|
| Vulnerability Reported | 1 July, 2020 04:40 GMT |
| Vulnerability Verified | 1 July, 2020 04:47 GMT |
| Website Operator Notified | 1 July, 2020 04:47 GMT |
| a. Using the ISO 29147 guidelines | Done |
| b. Using publicly available security contacts | Done |
| c. Using Open Bug Bounty notification framework | Done |
| d. Using security contacts provided by the researcher | Done |
| Public Report Published [without any technical details] | 1 July, 2020 04:47 GMT |
| Vulnerability Fixed | 2 August, 2020 15:47 GMT |