Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.
| Field | Value |
| --- | --- |
| Affected Website | ventilatie-winkel.be |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | xav0 |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL: [not reproduced in text; the original page shows it only as an image]
Coordinated Disclosure Timeline

| Event | Date |
| --- | --- |
| Vulnerability Reported | 12 August, 2020 09:50 GMT |
| Vulnerability Verified | 12 August, 2020 10:01 GMT |
| Website Operator Notified | 12 August, 2020 10:01 GMT |
| Public Report Published (without any technical details) | 12 August, 2020 10:01 GMT |
| Vulnerability Fixed | 13 September, 2020 14:41 GMT |

Website operator notification channels (all marked as done):

a. Using the ISO 29147 guidelines
b. Using publicly available security contacts
c. Using Open Bug Bounty notification framework
d. Using security contacts provided by the researcher