Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: windowvineyard.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: xav0
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
HTTP POST data:
Coordinated Disclosure Timeline
Vulnerability Reported: 21 July, 2020 06:23 GMT
Vulnerability Verified: 21 July, 2020 08:58 GMT
Website Operator Notified: 21 July, 2020 08:58 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 21 July, 2020 08:58 GMT
Vulnerability Fixed: 23 August, 2020 15:42 GMT