
vietstore.jp Cross Site Scripting vulnerability OBB-1254412

### Description

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](https://www.iso.org/standard/45170.html)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website: | **[vietstore.jp](http://vietstore.jp)** |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\))** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](https://www.iso.org/standard/45170.html)** guidelines |
| Discovered and Reported by: | **geeknik** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md)** |

**Screenshot:** ![vietstore.jp vulnerability](/twimages/screen-1254412.jpg)

**Mirror:** [Click here to view the mirror](http://1254412.openbounty.org/mirror/)

### Coordinated Disclosure Timeline

| Event | Date |
|---|---|
| Vulnerability Reported: | 8 August, 2020 16:48 GMT |
| Vulnerability Verified: | 8 August, 2020 17:02 GMT |
| Website Operator Notified: | 8 August, 2020 17:02 GMT |

| Notification Method | Status |
|---|---|
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |

| Event | Date |
|---|---|
| Public Report Published [without any technical details]: | 8 August, 2020 17:02 GMT |
| Vulnerability Fixed: | 5 September, 2020 15:40 GMT |