
sacred_music.enacademic.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-973955

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](https://www.iso.org/standard/45170.html)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| | |
|---|---|
| Affected Website: | **[sacred_music.enacademic.com](https://sacred_music.enacademic.com)** |
| Open Bug Bounty Program: | **Create your bounty program now**. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\))** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](https://www.iso.org/standard/45170.html)** guidelines |
| Discovered and Reported by: | **H_chabik** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md)** |
| Export Vulnerability Data: | Bugzilla, JIRA, Mantis, Splunk, XML |
| Vulnerable URL: | (shown only as an inline image on the original page; not preserved here) |
**Screenshot:** ![sacred_music.enacademic.com vulnerability](/twimages/screen-973955.jpg)

**Mirror:** [Click here to view the mirror](http://973955.openbounty.org/mirror/)

### Coordinated Disclosure Timeline
| | |
|---|---|
| Vulnerability Reported: | 16 September, 2019 08:40 GMT |
| Vulnerability Verified: | 16 September, 2019 08:51 GMT |
| Website Operator Notified: | 16 September, 2019 08:51 GMT |
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |
| Public Report Published [without any technical details]: | 16 September, 2019 08:51 GMT |