Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
| --- | --- |
| Affected Website | millennialaccounting.com |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | DayzSec |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
| Vulnerable URL | |
| Screenshot | ![millennialaccounting.com vulnerability](/twimages/screen-1258184.jpg) |
Coordinated Disclosure Timeline

| Event | Date |
| --- | --- |
| Vulnerability Reported | 12 August, 2020 17:16 GMT |
| Vulnerability Verified | 12 August, 2020 17:29 GMT |
| Website Operator Notified | 12 August, 2020 17:29 GMT |
| Public Report Published (without any technical details) | 12 August, 2020 17:29 GMT |
| Vulnerability Fixed | 12 September, 2020 16:38 GMT |

Website operator notification channels (all marked as done):
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher