Open Bug Bounty ID: OBB-992281
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: vertexco.be
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: Mughiwara
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Coordinated Disclosure Timeline
Vulnerability Reported: 12 October, 2019 20:12 GMT
Vulnerability Verified: 12 October, 2019 20:25 GMT
Website Operator Notified: 12 October, 2019 20:25 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 12 October, 2019 20:25 GMT
Vulnerability Fixed: 22 November, 2019 18:45 GMT