safeping.eu Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-974610

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[safeping.eu](<https://safeping.eu>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **devl00p**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**

**Mirror:** [Click here to view the mirror](<http://974610.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 17 September, 2019 06:15 GMT
---|---
Vulnerability Verified:| 17 September, 2019 06:30 GMT
Website Operator Notified:| 17 September, 2019 06:30 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 17 September, 2019 06:30 GMT