Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: agromera-apk.ru
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: xav0
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL: (provided on the original page as an image only)
Coordinated Disclosure Timeline
Vulnerability Reported: 24 July, 2020 16:14 GMT
Vulnerability Verified: 24 July, 2020 16:29 GMT
Website Operator Notified: 24 July, 2020 16:29 GMT
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher
Public Report Published [without any technical details]: 24 July, 2020 16:29 GMT
Vulnerability Fixed: 17 August, 2020 17:37 GMT