Open Bug Bounty ID: OBB-975949
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
|---|---|
| Affected Website | stage.jobleads.de |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | yassinehmimou2 |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL and screenshot: provided as images on the original report page (not reproduced here).
Coordinated Disclosure Timeline

| Event | Date |
|---|---|
| Vulnerability Reported | 19 September, 2019 00:53 GMT |
| Vulnerability Verified | 19 September, 2019 01:03 GMT |
| Website Operator Notified | 19 September, 2019 01:03 GMT |
| Public Report Published (without any technical details) | 19 September, 2019 01:03 GMT |

Channels through which the website operator is notified:
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher