Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: smamit.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: xav0
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Coordinated Disclosure Timeline
Vulnerability Reported: 28 July, 2020 16:12 GMT
Vulnerability Verified: 28 July, 2020 16:28 GMT
Website Operator Notified: 28 July, 2020 16:28 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 28 July, 2020 16:28 GMT
Vulnerability Fixed: 27 August, 2020 17:41 GMT