
jofs.in Cross Site Scripting vulnerability OBB-1313635

Description

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[jofs.in](<http://www.jofs.in>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **CoderYounes**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**

**Screenshot:** ![jofs.in vulnerability](/twimages/screen-1313635.jpg)

**Mirror:** [Click here to view the mirror](<http://1313635.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 8 September, 2020 05:41 GMT
---|---
Vulnerability Verified:| 8 September, 2020 05:55 GMT
Website Operator Notified:| 8 September, 2020 05:55 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 8 September, 2020 05:55 GMT
Vulnerability Fixed:| 23 October, 2020 21:20 GMT