
computerwoche.de Cross Site Scripting vulnerability OBB-1219941

Description

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[computerwoche.de](<https://www.computerwoche.de>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **Bindiya**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**

Vulnerable URL: [image]

**Mirror:** [Click here to view the mirror](<http://1219941.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 10 July, 2020 05:49 GMT
---|---
Vulnerability Verified:| 10 July, 2020 09:07 GMT
Website Operator Notified:| 10 July, 2020 09:07 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 10 July, 2020 09:07 GMT
Vulnerability Fixed:| 10 July, 2020 11:10 GMT