Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: rotterdamoffshore.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: geeknik
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL: (image omitted)
Screenshot: ![rotterdamoffshore.com vulnerability](/twimages/screen-1239281.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 26 July, 2020 14:31 GMT
Vulnerability Verified: 26 July, 2020 14:37 GMT
Website Operator Notified: 26 July, 2020 14:37 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 26 July, 2020 14:37 GMT
Vulnerability Fixed: 22 August, 2020 15:48 GMT