Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: alugepek.hu
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: xav0
Remediation Guide: OWASP XSS Prevention Cheat Sheet
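The Remediation Guide entry points at the OWASP XSS Prevention Cheat Sheet, whose core rule is to encode untrusted data for the exact context it is written into. The report publishes no technical details, so the block below is an added illustration and not code from alugepek.hu or from Open Bug Bounty: the search parameter, the three output sinks and the payload are constructed, and the "before" function is written to reflect the parameter raw the way a typical reflected XSS does.

```python
"""Reflected XSS (CWE-79) fixed by contextual output encoding (added example)."""
import html
import json
from urllib.parse import quote

# Constructed payload standing in for an attacker-controlled query value.
PAYLOAD = '"><script>alert(document.domain)</script>'


def render_vulnerable(q: str) -> str:
    """The 'before': the parameter is interpolated raw into three contexts."""
    return (f'<p>Results for {q}</p>\n'
            f'<a href="/search?q={q}">again</a>\n'
            f'<script>var lastQuery = "{q}";</script>')


def html_body(s: str) -> str:
    """HTML element content and quoted attribute values."""
    return html.escape(s, quote=True)


def url_param(s: str) -> str:
    """URL query-string value: percent-encode everything except unreserved chars."""
    return quote(s, safe="")


def js_string(s: str) -> str:
    """JavaScript string literal inside a <script> block.

    json.dumps escapes quotes, backslashes and line breaks; '<' is escaped
    as well so a reflected '</script>' cannot close the script element.
    """
    return json.dumps(s).replace("<", "\\u003c")


def render_safe(q: str) -> str:
    """The 'after': each sink uses the encoder for its own context.

    The href value is URL-encoded first, then HTML-encoded for the attribute,
    because the browser decodes the attribute before it parses the URL.
    """
    return (f'<p>Results for {html_body(q)}</p>\n'
            f'<a href="/search?q={html_body(url_param(q))}">again</a>\n'
            f'<script>var lastQuery = {js_string(q)};</script>')


if __name__ == "__main__":
    print("--- vulnerable ---")
    print(render_vulnerable(PAYLOAD))
    print("--- encoded ---")
    print(render_safe(PAYLOAD))
```

HTML entity encoding alone is not enough for the script context: `&lt;` is not decoded inside a `<script>` element, so the value would be mangled, while an unescaped `</script>` would still end the element. That is why the JavaScript sink gets its own encoder instead of reusing `html_body`.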
Vulnerable URL: shown on the original page only as an image; not reproduced here.
Coordinated Disclosure Timeline
Vulnerability Reported: 17 July, 2020 13:39 GMT
Vulnerability Verified: 17 July, 2020 13:49 GMT
Website Operator Notified: 17 July, 2020 13:49 GMT
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher
Public Report Published [without any technical details]: 17 July, 2020 13:49 GMT
Vulnerability Fixed: 27 August, 2020 20:09 GMT