Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: myfitnesslifestyle.club
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: geeknik
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Screenshot: ![myfitnesslifestyle.club vulnerability](/twimages/screen-1216790.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 5 July, 2020 13:04 GMT
Vulnerability Verified: 5 July, 2020 13:12 GMT
Website Operator Notified: 5 July, 2020 13:12 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 5 July, 2020 13:12 GMT
Vulnerability Fixed: 12 August, 2020 20:10 GMT