
dunkirk5.com Cross Site Scripting vulnerability OBB-1347929

Description

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;

b. notified the website operator about its existence.

Affected Website:| **[dunkirk5.com](<http://www.dunkirk5.com>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **pudsec**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**

**Screenshot:** ![dunkirk5.com vulnerability](/twimages/screen-1347929.jpg)

**Mirror:** [Click here to view the mirror](<http://1347929.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 19 September, 2020 06:19 GMT
---|---
Vulnerability Verified:| 19 September, 2020 06:34 GMT
Website Operator Notified:| 19 September, 2020 06:34 GMT
a. Using the ISO 29147 guidelines| ![done](/images/done.png)
b. Using publicly available security contacts| ![done](/images/done.png)
c. Using Open Bug Bounty notification framework| ![done](/images/done.png)
d. Using security contacts provided by the researcher| ![done](/images/done.png)
Public Report Published [without any technical details]:| 19 September, 2020 06:34 GMT
Vulnerability Fixed:| 17 October, 2020 21:47 GMT