Open Bug Bounty ID: OBB-1122419
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: automoviles.com.py
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: geeknik
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL: (shown on the original page only as an image; not reproduced here)
Coordinated Disclosure Timeline
Vulnerability Reported: 23 March, 2020 02:04 GMT
Vulnerability Verified: 23 March, 2020 07:52 GMT
Website Operator Notified: 23 March, 2020 07:52 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 23 March, 2020 07:52 GMT
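The report gives no technical details, so the following is an added, generic example rather than code from automoviles.com.py or from Open Bug Bounty. It shows the CWE-79 pattern in the abstract (a request parameter concatenated straight into server-generated HTML) beside a hardened form that applies the rule from the linked OWASP XSS Prevention Cheat Sheet: encode untrusted data for the exact context it lands in. The search-page template, the function names and the payloads are constructed for the demo.

```javascript
// Added example (not code from the affected site): reflected XSS pattern and fix.

// Cheat Sheet rules 1 and 2: encode for the HTML body and for quoted
// attribute values. Only safe for attributes that are actually quoted.
function encodeForHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '/': '&#x2F;' };
  return String(value).replace(/[&<>"'\/]/g, ch => map[ch]);
}

// Cheat Sheet rule 3: inside a quoted JavaScript string literal, \xHH-encode
// every non-alphanumeric character so the data can neither close the literal
// nor spell "</script>" for the HTML parser.
function encodeForJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g, ch => {
    const code = ch.charCodeAt(0);
    return code < 256
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// Vulnerable: the query parameter is reflected verbatim into three contexts.
function renderVulnerable(query) {
  return [
    `<p>Results for: ${query}</p>`,
    `<input type="text" name="q" value="${query}">`,
    `<script>var lastQuery = '${query}';</script>`,
  ].join('\n');
}

// Hardened: identical markup, each insertion encoded for its own context.
function renderHardened(query) {
  return [
    `<p>Results for: ${encodeForHtml(query)}</p>`,
    `<input type="text" name="q" value="${encodeForHtml(query)}">`,
    `<script>var lastQuery = '${encodeForJsString(query)}';</script>`,
  ].join('\n');
}

// Constructed payloads: one aimed at the HTML/attribute contexts, one at the
// JavaScript string context.
const HTML_PAYLOAD = '"><script>alert(document.domain)</script>';
const JS_PAYLOAD = "';alert(document.domain)//";

console.log('--- vulnerable ---\n' + renderVulnerable(HTML_PAYLOAD));
console.log('--- hardened ---\n' + renderHardened(HTML_PAYLOAD));
console.log('--- hardened (JS context) ---\n' + renderHardened(JS_PAYLOAD));
```

The point of the three contexts is that one encoder does not fit all: HTML entity encoding inside the `<script>` block would leave `</script>` intact for the HTML parser, and JavaScript string escaping in the body would leave `<` intact for it. A templating engine with contextual auto-escaping does this selection for you; manual concatenation, as in the vulnerable function, is where CWE-79 findings of this kind usually come from.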