Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: jcsearch.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: TharunAvula
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
HTTP POST data:
Researcher’s Comment:
Coordinated Disclosure Timeline
Vulnerability Reported: 26 July, 2020 05:13 GMT
Vulnerability Verified: 27 July, 2020 08:29 GMT
Website Operator Notified: 27 July, 2020 08:29 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 27 July, 2020 08:29 GMT
Vulnerability Fixed: 27 July, 2020 08:36 GMT