All Vulnerabilities for brandwatch.com Patched via Open Bug Bounty

2021-10-05T01:11:00

Description

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| **[brandwatch.com](<https://www.brandwatch.com>) ** ---|--- Open Bug Bounty Program:| **Create your bounty program now**. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://owasp.org/www-community/attacks/xss/>)** / CWE-79 CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines Discovered and Reported by:| **7securitas ** Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html>)** Export Vulnerability Data:| Bugzilla Vulnerability Data JIRA Vulnerability Data [ Configuration ] Mantis Vulnerability Data Splunk Vulnerability Data XML Vulnerability Data [ XSD ] Vulnerable URL: https: //www. brandwatch .com/de/de/wp-content/themes/brandwatc --- **Screenshot:** ![brandwatch.com vulnerability](/twimages/screen-2157460.jpg) **Mirror:** [Click here to view the mirror](<http://2157460.openbounty.org/mirror/>) ### Coordinated Disclosure Timeline Vulnerability Reported:| 5 October, 2021 01:11 GMT ---|--- Vulnerability Verified:| 5 October, 2021 01:23 GMT Website Operator Notified:| 5 October, 2021 01:23 GMT a. Using the ISO 29147 guidelines| ![](/images/done.png) ---|--- b. Using publicly available security contacts| ![](/images/done.png) c. Using Open Bug Bounty notification framework| ![](/images/done.png) d. Using security contacts provided by the researcher| ![](/images/done.png) x. Using Twitter notification| ![](/images/done.png) Public Report Published [without technical details]:| 5 October, 2021 01:23 GMT Vulnerability Fixed:| 3 January, 2022 15:38 GMT ---|---

{"id": "OBB:2157460", "vendorId": null, "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "All Vulnerabilities for brandwatch.com Patched via Open Bug Bounty", "description": "Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: \n\na. verified the vulnerability and confirmed its existence; \nb. notified the website operator about its existence.\n\nAffected Website:| **[brandwatch.com](<https://www.brandwatch.com>) ** \n---|--- \nOpen Bug Bounty Program:| **Create your bounty program now**. It's open and free. \nVulnerable Application:| Custom Code \nVulnerability Type:| **[XSS (Cross Site Scripting)](<https://owasp.org/www-community/attacks/xss/>)** / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines \nDiscovered and Reported by:| **7securitas ** \nRemediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html>)** \nExport Vulnerability Data:| Bugzilla Vulnerability Data \nJIRA Vulnerability Data [ Configuration ] \nMantis Vulnerability Data \nSplunk Vulnerability Data \nXML Vulnerability Data [ XSD ] \n \nVulnerable URL:\n\nhttps: //www. brandwatch .com/de/de/wp-content/themes/brandwatc \n--- \n \n**Screenshot:** ![brandwatch.com vulnerability](/twimages/screen-2157460.jpg)\n\n**Mirror:** [Click here to view the mirror](<http://2157460.openbounty.org/mirror/>)\n\n### Coordinated Disclosure Timeline\n\nVulnerability Reported:| 5 October, 2021 01:11 GMT \n---|--- \nVulnerability Verified:| 5 October, 2021 01:23 GMT \nWebsite Operator Notified:| 5 October, 2021 01:23 GMT \na. Using the ISO 29147 guidelines| ![](/images/done.png) \n---|--- \nb. Using publicly available security contacts| ![](/images/done.png) \nc. Using Open Bug Bounty notification framework| ![](/images/done.png) \nd. Using security contacts provided by the researcher| ![](/images/done.png) \nx. Using Twitter notification| ![](/images/done.png) \nPublic Report Published [without technical details]:| 5 October, 2021 01:23 GMT \nVulnerability Fixed:| 3 January, 2022 15:38 GMT \n---|---\n", "published": "2021-10-05T01:11:00", "modified": "2021-11-04T01:11:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.openbugbounty.org/reports/2157460/", "reporter": "7securitas", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2022-01-04T07:11:39", "viewCount": 22, "enchantments": {"dependencies": {}, "score": {"value": -0.1, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.1}, "openbugbounty": {"patchStatus": "patched", "mirror": "http://2157460.openbounty.org/mirror/"}, "_state": {"dependencies": 1646083841, "score": 1684009192, "epss": 1679134186}, "_internal": {"score_hash": "1712980f0af4795ca580e9c03385106b"}}