
shopintins.com Cross Site Scripting vulnerability OBB-1232529

Description

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](https://www.iso.org/standard/45170.html)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website: | **[shopintins.com](https://www.shopintins.com)** |
| Open Bug Bounty Program: | **Create your bounty program now**. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\))** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](https://www.iso.org/standard/45170.html)** guidelines |
| Discovered and Reported by: | **Dipu1A** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md)** |
| Vulnerable URL: | (provided as an image) |

**Screenshot:** ![shopintins.com vulnerability](/twimages/screen-1232529.jpg)

**Mirror:** [Click here to view the mirror](http://1232529.openbounty.org/mirror/)

### Coordinated Disclosure Timeline

| Event | Date |
|---|---|
| Vulnerability Reported: | 20 July, 2020 08:01 GMT |
| Vulnerability Verified: | 20 July, 2020 08:12 GMT |
| Website Operator Notified: | 20 July, 2020 08:12 GMT |

| Notification Method | Status |
|---|---|
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |

| Event | Date |
|---|---|
| Public Report Published [without any technical details]: | 20 July, 2020 08:12 GMT |
| Vulnerability Fixed: | 26 August, 2020 14:47 GMT |