
atolcd.com Cross Site Scripting vulnerability OBB-1218685

### Description

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website | **[atolcd.com](<https://www.atolcd.com>)** |
| Open Bug Bounty Program | **Create your bounty program now**. It's open and free. |
| Vulnerable Application | Custom Code |
| Vulnerability Type | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by | **atmon3r** |
| Remediation Guide | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Export Vulnerability Data | Bugzilla, JIRA, Mantis, Splunk, XML |
| Vulnerable URL | (shown only as an image on the original page; not reproduced in text) |

**Screenshot:** ![atolcd.com vulnerability](/twimages/screen-1218685.jpg)

**Mirror:** [Click here to view the mirror](<http://1218685.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Event | Time |
|---|---|
| Vulnerability Reported | 8 July, 2020 10:42 GMT |
| Vulnerability Verified | 8 July, 2020 10:58 GMT |
| Website Operator Notified | 8 July, 2020 10:58 GMT |
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |
| Public Report Published [without any technical details] | 8 July, 2020 10:58 GMT |
| Vulnerability Fixed | 9 July, 2020 05:45 GMT |