Open Bug Bounty ID: OBB-995800
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: indegy.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: geeknik
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Screenshot: ![indegy.com vulnerability](/twimages/screen-995800.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 16 October, 2019 18:48 GMT
Vulnerability Verified: 16 October, 2019 18:59 GMT
Website Operator Notified: 16 October, 2019 18:59 GMT
      a. Using the ISO 29147 guidelines (done)
      b. Using publicly available security contacts (done)
      c. Using Open Bug Bounty notification framework (done)
      d. Using security contacts provided by the researcher (done)
Public Report Published [without any technical details]: 16 October, 2019 18:59 GMT