
sudomising.com Cross Site Scripting vulnerability OBB-1254785

Description

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| | |
|---|---|
| Affected Website: | **[sudomising.com](<http://sudomising.com>)** |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 (Medium) [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **xav0** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Vulnerable URL: | Not reproduced here; the original page renders it only as an image and publishes no technical details. |
| Mirror: | [Click here to view the mirror](<http://1254785.openbounty.org/mirror/>) |

### Coordinated Disclosure Timeline

| | |
|---|---|
| Vulnerability Reported: | 9 August, 2020 10:34 GMT |
| Vulnerability Verified: | 9 August, 2020 10:51 GMT |
| Website Operator Notified: | 9 August, 2020 10:51 GMT |
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using the Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |
| Public Report Published [without any technical details]: | 9 August, 2020 10:51 GMT |
| Vulnerability Fixed: | 2 September, 2020 20:06 GMT |