Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
|---|---|
| Affected Website | sprinklerthai.tarad.com |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | Tanzil |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
| Export Vulnerability Data | Bugzilla, JIRA, Mantis, Splunk, XML (XSD available) |
Vulnerable URL: provided only as an image on the original report (not reproduced here).
Screenshot: ![sprinklerthai.tarad.com vulnerability](/twimages/screen-1215267.jpg)
Mirror: a mirror of the vulnerable page is available from the original report.
Coordinated Disclosure Timeline

| Event | Date |
|---|---|
| Vulnerability Reported | 4 July, 2020 04:20 GMT |
| Vulnerability Verified | 4 July, 2020 04:28 GMT |
| Website Operator Notified | 4 July, 2020 04:28 GMT |
| Public Report Published (without any technical details) | 4 July, 2020 04:28 GMT |
| Vulnerability Fixed | 4 August, 2020 14:45 GMT |

Operator notification channels used (all marked as completed on the original report):
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher