Open Bug Bounty ID: OBB-1158445
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: zonasporta.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: Teamhash
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Coordinated Disclosure Timeline
Vulnerability Reported: 10 May, 2020 17:00 GMT
Vulnerability Verified: 11 May, 2020 08:20 GMT
Website Operator Notified: 11 May, 2020 08:20 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 11 May, 2020 08:20 GMT