Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: flycraftangling.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: divyanshsingh21
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Coordinated Disclosure Timeline
Vulnerability Reported: 22 July, 2020 05:16 GMT
Vulnerability Verified: 22 July, 2020 08:13 GMT
Website Operator Notified: 22 July, 2020 08:13 GMT
      a. Using the ISO 29147 guidelines (done)
      b. Using publicly available security contacts (done)
      c. Using Open Bug Bounty notification framework (done)
      d. Using security contacts provided by the researcher (done)
Public Report Published [without any technical details]: 22 July, 2020 08:13 GMT
Vulnerability Fixed: 23 July, 2020 01:54 GMT