
safetynetwork.co.kr Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-964433

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[safetynetwork.co.kr](<http://www.safetynetwork.co.kr>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **Renzi**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**
Vulnerable URL:| [image]

**Screenshot:** ![safetynetwork.co.kr vulnerability](/twimages/screen-964433.jpg)

**Mirror:** [Click here to view the mirror](<http://964433.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 10 September, 2019 10:43 GMT
---|---
Vulnerability Verified:| 10 September, 2019 12:21 GMT
Website Operator Notified:| 10 September, 2019 12:21 GMT
a. Using the ISO 29147 guidelines| ![done](/images/done.png)
b. Using publicly available security contacts| ![done](/images/done.png)
c. Using Open Bug Bounty notification framework| ![done](/images/done.png)
d. Using security contacts provided by the researcher| ![done](/images/done.png)
Public Report Published [without any technical details]:| 10 September, 2019 12:21 GMT
Vulnerability Fixed:| 20 October, 2019 15:32 GMT