Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: leruichem.com
Open Bug Bounty Program: none listed for this website
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross-Site Scripting) / CWE-79
CVSSv3 Score: 6.1 (Medium) [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: xav0
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL: (published as an image on the report page; not reproduced here)
HTTP POST data: (published as an image on the report page; not reproduced here)
Screenshot: ![leruichem.com vulnerability](/twimages/screen-1248042.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 2 August, 2020 10:55 GMT
Vulnerability Verified: 2 August, 2020 11:08 GMT
Website Operator Notified: 2 August, 2020 11:08 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 2 August, 2020 11:08 GMT
Vulnerability Fixed: 26 August, 2020 20:13 GMT
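The report points to the OWASP XSS Prevention Cheat Sheet as the remediation and records HTTP POST data next to the vulnerable URL, i.e. the injected value arrives in a form body and is reflected into the response. The snippet below is an added example, not code from leruichem.com (described only as "Custom Code") and not taken from the cheat sheet: it shows a handler that interpolates a POST field into HTML verbatim, the same handler with contextual output encoding, and a check that distinguishes the two. The field name `q`, the constructed POST body and the page fragment are assumptions made for illustration.

```python
"""Reflected XSS via a POST field: vulnerable rendering beside the hardened form.

Added example, not the affected site's code. Field name `q`, the sample POST
body and the HTML fragment are illustrative assumptions.
"""
from html import escape
from urllib.parse import parse_qs

# Constructed request body, as a browser would send it for <input name="q">.
# Decoded, the value is  "><script>alert(1)</script>  : it closes the value
# attribute and then injects a script element.
SAMPLE_POST_BODY = "q=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E"


def field(body, name):
    """First value of form field `name` in a urlencoded POST body ('' if absent)."""
    return parse_qs(body, keep_blank_values=True).get(name, [""])[0]


def render_unsafe(body):
    """Vulnerable: the submitted value lands in an attribute and in body text untouched."""
    q = field(body, "q")
    return (
        f'<input type="text" name="q" value="{q}">'
        f"<p>Results for {q}</p>"
    )


def render_safe(body):
    """Hardened: encode for the HTML context the value is written into.

    html.escape with quote=True (the default) encodes & < > " and ', which covers
    both a double-quoted attribute value and element text content. Anything
    written into a JavaScript block, a URL or a CSS rule would need the encoder
    for that context instead; see the OWASP cheat sheet rules.
    """
    q = escape(field(body, "q"))
    return (
        f'<input type="text" name="q" value="{q}">'
        f"<p>Results for {q}</p>"
    )


def response_headers():
    """Headers that belong with the fix (assumed values): charset pinned so the
    browser cannot be tricked into another encoding, plus a CSP as defence in
    depth that blocks inline script even if an encoding gap remains."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    }


def contains_raw_script(html_doc):
    """Crude sink check: does an unencoded <script> tag survive into the output?"""
    return "<script>" in html_doc.lower()


if __name__ == "__main__":
    print("unsafe:", render_unsafe(SAMPLE_POST_BODY))
    print("safe:  ", render_safe(SAMPLE_POST_BODY))
    print("raw <script> in unsafe output:", contains_raw_script(render_unsafe(SAMPLE_POST_BODY)))
    print("raw <script> in safe output:  ", contains_raw_script(render_safe(SAMPLE_POST_BODY)))
```

The substantive point is the second function's docstring: output encoding is per context, and `html.escape` is only correct for attribute values and text nodes. A value reflected into an inline event handler, a `<script>` block or an `href` needs the corresponding encoder, which is why the cheat sheet is organised by context rather than by payload.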