OpenBugBounty.org > OBB-2615021

Are you sure you want to delete the vulnerability?
Yes No

snigurivka.mk.gov.ua Cross Site Scripting Vulnerability
Report ID: OBB-2615021

Security Researcher devl00p Helped patch 89476 vulnerabilities
Received 11 Coordinated Disclosure badges
Received 37 recommendations , a holder of 11 badges for responsible and coordinated disclosure, found Cross Site Scripting security vulnerability affecting snigurivka.mk.gov.ua website and its users.

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:	snigurivka.mk.gov.ua
Open Bug Bounty Program:	Create your bounty program now. It's open and free.
Vulnerable Application:	Custom Code
Vulnerability Type:	XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:	6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:	Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by:	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations
Remediation Guide:	OWASP XSS Prevention Cheat Sheet
Export Vulnerability Data:	Bugzilla Vulnerability Data JIRA Vulnerability Data [ Configuration ] Mantis Vulnerability Data Splunk Vulnerability Data XML Vulnerability Data [ XSD ]

Vulnerable URL:

HTTP POST data:

Research's Comment:

Screenshot:

Mirror: Click here to view the mirror

Coordinated Disclosure Timeline

Vulnerability Reported:	11 May, 2022 09:56 GMT
Vulnerability Verified:	11 May, 2022 10:10 GMT
Website Operator Notified:	11 May, 2022 10:10 GMT

a. Using the ISO 29147 guidelines
b. Using publicly available security contacts
c. Using Open Bug Bounty notification framework
d. Using security contacts provided by the researcher
x. Using Twitter notification
Public Report Published [without technical details]:	11 May, 2022 10:10 GMT

Vulnerability Fixed:

25 May, 2023 15:59 GMT

Public Disclosure:

10 June, 2022 09:56 GMT

For Website Operators and Owners

Please read how Open Bug Bounty helps make your websites secure and then contact the researcher directly to get the vulnerability details. The researcher may also help you fix the vulnerability and advice on how to prevent similar issues:

How it works and what's next

For remediation best practices, please also refer to OWASP remediation guidelines. More information about coordinate and responsible disclosure on Open Bug Bounty is available here.

DISCLAIMER: Open Bug Bounty is a non-profit project, we never act as an intermediary between website owners and security researchers. We have no relationship or control over the researchers. Our role is limited to independent verification of the submitted reports and proper notification of website owners by all reasonably available means.

snigurivka.mk.gov.ua

Website Overview and Rating

SSL/TLS Server Test:	A View Results
Web Server Security Test:	C View Results
Malware Test:	Click here
Domain Health Report:	Click here

Latest Submissions

OBB-ID	Reported by	Status	Reported on
OBB-2745614	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	unpatched	09.07.2022
OBB-2734943	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	unpatched	06.07.2022
OBB-2710364	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	unpatched	02.07.2022
OBB-2697303	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	unpatched	29.06.2022
OBB-2637835	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	unpatched	06.06.2022
OBB-2629075	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	unpatched	26.05.2022
OBB-2621613	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	unpatched	19.05.2022
OBB-2619065	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	patched	16.05.2022
OBB-2616966	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	patched	13.05.2022
OBB-2615021	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	patched	11.05.2022
OBB-2611426	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	unpatched	07.05.2022
OBB-2598221	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	unpatched	04.05.2022
OBB-2537810	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	patched	21.04.2022
OBB-2521624	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	patched	17.04.2022
OBB-2510589	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	patched	14.04.2022
OBB-2490149	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	patched	10.04.2022
OBB-2485405	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	patched	08.04.2022
OBB-2472941	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	patched	05.04.2022
OBB-2458810	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	unpatched	01.04.2022
OBB-2454253	devl00p Helped patch 89476 vulnerabilities Received 11 Coordinated Disclosure badges Received 37 recommendations	unpatched	30.03.2022