
bpresence.com Cross Site Scripting vulnerability OBB-1251705

### Description

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](https://www.iso.org/standard/45170.html)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website: | **[bpresence.com](http://bpresence.com)** |
| Open Bug Bounty Program: | **Create your bounty program now**. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\))** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](https://www.iso.org/standard/45170.html)** guidelines |
| Discovered and Reported by: | **xav0** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md)** |
| Vulnerable URL: | (shown only as an image on the original page; not reproduced here) |

**Screenshot:** ![bpresence.com vulnerability](/twimages/screen-1251705.jpg)

**Mirror:** [Click here to view the mirror](http://1251705.openbounty.org/mirror/)

### Coordinated Disclosure Timeline

| Event | Time |
|---|---|
| Vulnerability Reported: | 6 August, 2020 08:10 GMT |
| Vulnerability Verified: | 6 August, 2020 08:17 GMT |
| Website Operator Notified: | 6 August, 2020 08:17 GMT |
| Public Report Published [without any technical details]: | 6 August, 2020 08:17 GMT |
| Vulnerability Fixed: | 11 September, 2020 15:39 GMT |

Website operator notification channels used:

| Channel | Status |
|---|---|
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |