Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
| --- | --- |
| Affected Website | bocquet-gestion.fr |
| Open Bug Bounty Program | Create your bounty program now. It's open and free. |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | xav0 |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
| Export Vulnerability Data | Bugzilla, JIRA [Configuration], Mantis, Splunk, XML [XSD] |

Vulnerable URL: (provided only as an image in the original report; a mirror of the page is held by Open Bug Bounty)
Coordinated Disclosure Timeline

| Event | Date |
| --- | --- |
| Vulnerability Reported | 16 July, 2020 05:55 GMT |
| Vulnerability Verified | 16 July, 2020 06:08 GMT |
| Website Operator Notified | 16 July, 2020 06:08 GMT |
| Public Report Published [without any technical details] | 16 July, 2020 06:08 GMT |
| Vulnerability Fixed | 11 August, 2020 16:53 GMT |

Notification channels used for the website operator (all marked done):
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher