
ijtrichology.com Cross Site Scripting vulnerability OBB-1281449

Description

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[ijtrichology.com](<http://www.ijtrichology.com>)**
---|---
Open Bug Bounty Program:| **Create your bounty program now**. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **CoderYounes**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**
Export Vulnerability Data:| Bugzilla Vulnerability Data; JIRA Vulnerability Data [ Configuration ]; Mantis Vulnerability Data; Splunk Vulnerability Data; XML Vulnerability Data [ XSD ]
Vulnerable URL:| (rendered as an image on the original page; not reproduced here)

**Screenshot:** ![ijtrichology.com vulnerability](/twimages/screen-1281449.jpg)

**Mirror:** [Click here to view the mirror](<http://1281449.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 27 August, 2020 22:11 GMT
---|---
Vulnerability Verified:| 27 August, 2020 22:25 GMT
Website Operator Notified:| 27 August, 2020 22:25 GMT

a. Using the ISO 29147 guidelines| ![](/images/done.png)
---|---
b. Using publicly available security contacts| ![](/images/done.png)
c. Using Open Bug Bounty notification framework| ![](/images/done.png)
d. Using security contacts provided by the researcher| ![](/images/done.png)

Public Report Published [without any technical details]:| 27 August, 2020 22:25 GMT
---|---
Vulnerability Fixed:| 20 September, 2020 20:06 GMT