
pleycs.com Cross Site Scripting vulnerability OBB-1265570

Description

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[pleycs.com](<http://pleycs.com>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **geeknik**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**
Vulnerable URL:| [image]

**Screenshot:** ![pleycs.com vulnerability](/twimages/screen-1265570.jpg)

**Mirror:** [Click here to view the mirror](<http://1265570.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 19 August, 2020 12:24 GMT
---|---
Vulnerability Verified:| 19 August, 2020 12:30 GMT
Website Operator Notified:| 19 August, 2020 12:30 GMT
a. Using the ISO 29147 guidelines| ![](/images/done.png)
b. Using publicly available security contacts| ![](/images/done.png)
c. Using Open Bug Bounty notification framework| ![](/images/done.png)
d. Using security contacts provided by the researcher| ![](/images/done.png)
Public Report Published [without any technical details]:| 19 August, 2020 12:30 GMT
Vulnerability Fixed:| 9 September, 2020 17:51 GMT