Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: ilitings.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: xav0
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL: [shown only as an image on the original page; not reproduced as text]
Coordinated Disclosure Timeline
Vulnerability Reported: 5 July, 2020 09:31 GMT
Vulnerability Verified: 5 July, 2020 09:38 GMT
Website Operator Notified: 5 July, 2020 09:38 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 5 July, 2020 09:38 GMT
Vulnerability Fixed: 27 July, 2020 15:36 GMT