Open Bug Bounty ID: OBB-1158949
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
| --- | --- |
| Affected Website | hugogloss.uol.com.br |
| Open Bug Bounty Program | Create your bounty program now. It's open and free. |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | Yashodar |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL: (provided only as an image on the original page; not reproduced here)
Researcher's Comment: (provided only as an image on the original page; not reproduced here)
Coordinated Disclosure Timeline

| Event | Date / Status |
| --- | --- |
| Vulnerability Reported | 11 May, 2020 12:42 GMT |
| Vulnerability Verified | 13 May, 2020 08:39 GMT |
| Website Operator Notified | 13 May, 2020 08:39 GMT |
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |
| Public Report Published (without any technical details) | 13 May, 2020 08:39 GMT |