.wrapper { display:none; } .footer { display:none; } body { -ms-overflow-style: scrollbar; overflow-y: scroll; overscroll-behavior-y: none; } .errorContainer { background-color: #FFF; color: #0F1419; max-width: 600px; margin: 0 auto; padding: 10%; font-family: Helvetica, sans-serif; font-size: 16px; } .errorButton { margin: 3em 0; } .errorButton a { background: #1DA1F2; border-radius: 2.5em; color: white; padding: 1em 2em; text-decoration: none; } .errorButton a:hover, .errorButton a:focus { background: rgb(26, 145, 218); } .errorFooter { color: #657786; font-size: 80%; line-height: 1.5; padding: 1em 0; } .errorFooter a, .errorFooter a:visited { color: #657786; text-decoration: none; padding-right: 1em; } .errorFooter a:hover, .errorFooter a:active { text-decoration: underline; } #placeholder, #react-root { display: none !important; } body { background-color: #FFF !important; }

JavaScript is not available.

We’ve detected that JavaScript is disabled in this browser. Please enable JavaScript or switch to a supported browser to continue using openbugbounty.org.

2022 © OpenBugBounty

Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
by The Hacker News

All Open Bug Bounty emails are sent only from openbugbounty.org domain being digitally signed. All others are fake. Learn more.

For Researchers

Report a Vulnerability Report and help remediate a vulnerability found on any website	Write a Blog Post Write a blog post to share your knowledge and get kudos
Browse Bug Bounty Programs Browse active bug bounty programs run by website owners	Ask a Question Ask questions and share your improvement ideas

How it Works

Download presentation and learn
how our platform works

PDF, 1MB

For Owners

Start a Bug Bounty Start your bug bounty program at no cost and leverage crowd-security testing	Ask a Question Ask questions or let us know how to make Open Bug Bounty even better
API Request National CERTs and law enforcement agencies may request our API

How it Works

Download presentation and learn
how our platform works

PDF, 1MB

Hall of Fame

Top Security Researchers They make Web a safer place by reporting and helping remediate vulnerabilities	Acknowledgements Website owners share their experience of collaboration with the researchers

How it Works

Download presentation and learn
how our platform works

PDF, 1MB

About

About the Project Read about Open Bug Bounty history, values and mission	Latest Reports Browse the most recent vulnerability submissions
Contact Us Get in touch

How it Works

Download presentation and learn
how our platform works

PDF, 1MB

Forum
Blog

OpenBugBounty.org > OBB-1247099

Are you sure you want to delete the vulnerability?
Yes No

apps.tga.gov.au Cross Site Scripting Vulnerability
Report ID: OBB-1247099

Security Researcher devl00p Helped patch 85653 vulnerabilities
Received 11 Coordinated Disclosure badges
Received 36 recommendations , a holder of 11 badges for responsible and coordinated disclosure, found Cross Site Scripting security vulnerability affecting apps.tga.gov.au website and its users.

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:	apps.tga.gov.au
Open Bug Bounty Program:	Create your bounty program now. It's open and free.
Vulnerable Application:	Custom Code
Vulnerability Type:	XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:	6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:	Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by:	devl00p Helped patch 85653 vulnerabilities Received 11 Coordinated Disclosure badges Received 36 recommendations
Remediation Guide:	OWASP XSS Prevention Cheat Sheet
Export Vulnerability Data:	Bugzilla Vulnerability Data JIRA Vulnerability Data [ Configuration ] Mantis Vulnerability Data Splunk Vulnerability Data XML Vulnerability Data [ XSD ]

Vulnerable URL:

HTTP POST data: