openbugbounty Devl00p OBB:1288737
History Aug 31, 2020 - 7:06 a.m.

ywxx.com.cn Cross Site Scripting vulnerability OBB-1288737

2020-08-31 07:06:00
devl00p
www.openbugbounty.org
5

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:

    a. verified the vulnerability and confirmed its existence;
    b. notified the website operator about its existence.

Affected Website: ywxx.com.cn
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: devl00p
Remediation Guide: OWASP XSS Prevention Cheat Sheet

Vulnerable URL:


Researcher’s Comment:



Coordinated Disclosure Timeline

Vulnerability Reported: 31 August, 2020 07:06 GMT
Vulnerability Verified: 31 August, 2020 07:57 GMT
Website Operator Notified: 31 August, 2020 07:57 GMT
    a. Using the ISO 29147 guidelines
    b. Using publicly available security contacts
    c. Using Open Bug Bounty notification framework
    d. Using security contacts provided by the researcher
Public Report Published [without any technical details]: 31 August, 2020 07:57 GMT
Vulnerability Fixed: 2 September, 2020 16:35 GMT