Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: jimbyrdtaxman.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: DayzSec
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Screenshot: ![jimbyrdtaxman.com vulnerability](/twimages/screen-1258214.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 12 August, 2020 17:26 GMT
Vulnerability Verified: 12 August, 2020 17:39 GMT
Website Operator Notified: 12 August, 2020 17:39 GMT
a. Using the ISO 29147 guidelines ![](/images/done.png)
b. Using publicly available security contacts ![](/images/done.png)
c. Using Open Bug Bounty notification framework ![](/images/done.png)
d. Using security contacts provided by the researcher ![](/images/done.png)
Public Report Published [without any technical details]: 12 August, 2020 17:39 GMT
Vulnerability Fixed: 6 September, 2020 15:34 GMT