
guiadaculinaria.com.br Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1118983

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[guiadaculinaria.com.br](<http://www.guiadaculinaria.com.br>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **KhanJanny**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**
Vulnerable URL:| (published as an image)

**Screenshot:** ![guiadaculinaria.com.br vulnerability](/twimages/screen-1118983.jpg)

**Mirror:** [Click here to view the mirror](<http://1118983.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 15 March, 2020 13:37 GMT
---|---
Vulnerability Verified:| 15 March, 2020 13:51 GMT
Website Operator Notified:| 15 March, 2020 13:51 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 15 March, 2020 13:51 GMT
Vulnerability Fixed:| 16 April, 2020 19:48 GMT