Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: webpaproject.lboro.ac.uk
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: mistry4592
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Coordinated Disclosure Timeline
Vulnerability Reported: 5 July, 2020 06:53 GMT
Vulnerability Verified: 5 July, 2020 07:01 GMT
Website Operator Notified: 5 July, 2020 07:01 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 5 July, 2020 07:01 GMT
Vulnerability Fixed: 8 July, 2020 19:45 GMT