Open Bug Bounty ID: OBB-976911
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: internetcommerce.org
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: tbm
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Coordinated Disclosure Timeline
Vulnerability Reported: 20 September, 2019 18:38 GMT
Vulnerability Verified: 20 September, 2019 18:51 GMT
Website Operator Notified: 20 September, 2019 18:51 GMT
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher
Public Report Published [without any technical details]: 20 September, 2019 18:51 GMT
Vulnerability Fixed: 10 August, 2020 07:39 GMT