
gamcore.com Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-990848

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[gamcore.com](<https://gamcore.com>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **k0t**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**
Vulnerable URL:| (published as an image in the original report)
HTTP POST data:| (published as an image in the original report)

**Screenshot:** ![gamcore.com vulnerability](/twimages/screen-990848.jpg)

**Mirror:** [Click here to view the mirror](<http://990848.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 10 October, 2019 12:57 GMT
---|---
Vulnerability Verified:| 10 October, 2019 13:05 GMT
Website Operator Notified:| 10 October, 2019 13:05 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 10 October, 2019 13:05 GMT
Vulnerability Fixed:| 14 November, 2019 00:40 GMT