logo
DATABASE RESOURCES PRICING ABOUT US

gabba.up.pt Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1159175 Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence. Affected Website:| **[gabba.up.pt](<http://gabba.up.pt>) ** ---|--- Open Bug Bounty Program:| **Create your bounty program now**. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines Discovered and Reported by:| **DkilerS2 ** Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** Export Vulnerability Data:| Bugzilla Vulnerability Data JIRA Vulnerability Data [ Configuration ] Mantis Vulnerability Data Splunk Vulnerability Data XML Vulnerability Data [ XSD ] Vulnerable URL: ![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAAjCAIAAADNIk3yAAAACXBIWXMAAA7EAAAOxAGVKw4bAAANJklEQVR4nO2cb0xb5RfH71hhHdzi6NrCoMaWmc4sDolOwiKaZVum2Qipc4MNq+simbgwQhqcSIwiKpsMpvKC8AINmkWnMUtDdJkGF9MQMoE1d7XBrumW0rFSTSmluWMdlt3fi5s9ub/7r6Vr14Ln86rP0+ee55zvOe3pfVpYRVEUBgAAAABJICPVDgAAAAArFugxAAAAQLKAHgMAAAAkC+gxAAAAQLKAHgMAAAAkC+gxAAAAQLJIix6j1WqvXr0qNPwvkJ4hp6dXiWJlR5dYrl69+tZbb7EmEyigVqu9cuXKoUOH/v7774QYBNKH1PeYP//88969e0899RTv8L9Aeoacnl4lipUdXcIxGo0ajYY5k0ABaVPPPPNMVlZWc3PzgxsE0oooPWZyclImk/E+NTc3d/LkSaFh7AwODlZVVQkNY0TITxH/UwKvSvGF/CDEIgvyanZ29siRI0qlsqio6J133vn333/j3gs9npyczMvLi8v3xJDYMovDTmrDjwqzUGdmZmw2W1NTE3MBEnBycnLVfTIzM7ds2fL999+jZVzFTp8+vXHjxtnZWa6ppqamoaGh5AUFpIT472OCwWBHR4fQMHYS0mOWC7wqpWfIyCuj0biwsEAQxKVLl0ZGRt5///1Uu5YA0lPz9IFZqCRJZmdnr1mzhrmAKSCO4+FwOBwOe73e9957r6Gh4eeff+Y1+9tvv3388cdms5nZYpEpuVxOkmRS4gFShyS1209PTzudzu3bt/MO/wukZ8jIqzt37litVofDkZOTg2HYmTNnamtrl3TDKpFIdDod6zFz8uGTnpovI7gC0h1IqVTW1NQEg8He3t69e/eyrrp58+bBgwf7+vq2bNkiYgpYYcR0H/PFF19otdr169e/9tprc3NzGIbNzc1pNBqSJFetWvX1118zh2fOnJHJZKdPn87Pz8/Lyzt8+PCdO3eELA8ODu7evTszM5M7nJ6e3rt3r0wm02q13d3d6IPP2NjYtm3b1q5dq1QqDxw4cOvWLWTt008/5d2Ud17EDsa5x0eHG/S8eHRCa1iicUMeGxt7/vnnZTJZUVHRK6+88tdff2EYdvfu3TfeeEMmkz322GMffPDB4uKiiP/01idPnlQqlRs2bPjyyy8xDFtcXHz33Xfz8/NzcnIOHDgwMzMjlFZuXtauXXvz5k26wWAY5nK5CgsLMQy7devWiy++mJOTs3Hjxs8++0zk5KeoqOjKlSusx0VFRX/88Qc9+csvvwhdy1rAq09NTc0nn3yCFm/bto3WVqh+WJrfvn37zTffVCqVjz766Icffri4uEhr2N3drdVq8/LyXn31VZY4CO61QnlBislksk2bNn377bfiIQuVEG9+xUPIycmpqamZmZl5++23lUrl+vXrjxw5cvv2bZFdeAuVCetly6KsrMxut7Mm7969u2/fPoPBcOjQoRhNRS0MYFkQvceQJEkQxMjIyOjoqNfrbWlpwTDskUcecTgc9D2ywWBgDl9++WWSJEdHR8fHx8fHx61Wa2dnp5BxkYOyhoaGrKwsl8s1NDT0zTffoDVWq/Xo0aM+n89ut6vV6oaGBuTn+H2YmwrNC9mJRZCo0fGuYYnGDbmystJoNHo8nuHh4YqKCqlUimFYe3v7/Py8zWa7ePGixWLp6+uLqoPD4bDb7QMDAxUVFRiGdXZ2Dg0NDQ0NOZ3OwsLCiYkJobQK5YXm2rVrzc3NXV1ddHZyc3MdDsevv/46MDCA1ig5RNXTaDTu3LkT9SEmY2NjO3fuNBqNIvpUV1ebzWZ6wfT0NEEQer0eE64fVnSNjY1er9dqtV68eHFwcLC3t5cWx2az0eJ4PJ7W1lZez3mvFcoLrdjExMSFCxeYPUZIMaEy4+ZXKASCIIaHhwmC8Hq9TzzxhN/vt9lsly9fdrvdKKLYC1VIQC5yuTwUCrEmjx07Nj4+Xl9fH7spkcIAlhOUKG63G8OwUChED0dGRoqLi9FTOI4zV9JD+hKPx0PPnz9/fuvWrfRjj8ej0WjQJSRJ4jgeCAS4w0gkIpVKb9y4gYysW7eO657L5SooKBDZVMQZXjvccNCQdiAWgyJrWGaZIQcCAYlEEg6HWdYUCgVJkvRjgiDKysqi6oAkpVGpVFarleshb1opTl5opqamiouLz507R93PDjNAlJ0pDlxvWZAk2dHRIZfLq6urnU4nPel0Oqurq+VyeUdHBx2+kD7z8/O5ubm0M729vVVVVZRo/bDKDMdxtGxwcLC8vJwlzvDwMG/N817L8g3lZamKidczMzUiIQSDQRRCRkbG/Pw8PRwZGXn88cdFdmFFKlK03GcpxosFPdvX16fT6Wpra/ft28dcKW6KtzCAZUf0HsP7Vsv7FOoxUqkUzU9MTKhUKvpxJBLxer3oqfPnz+/YsYN36PV6s7KymEbQvlarddeuXYWFhQqFQi6Xo7d+3k1FnOG1EzVwEYPMxUJrWGZZChw8eLC0tNRkMnV1df3+++8URQUCAQzDFPeRy+Xi/nNf8MFgUCKRRCKRWKLj9YqmvLy8p6eHfuz1elkB8n4CWBKBQECv10skEnookUj0ej16l6Th6oPmad927dp19uxZSrR+RMrM6XQWFBTEWPO811ICeVmqYiL1zMrvUkOgYitmkR7DKo+oPUYikahUKofD4fP5cBxnJi6qKYpTGMCy46H+fczq1as3bNiAhvH9okyv17/wwgsWi4UgiAsXLsTtTKLsPAiskL/77rv+/v6SkpKFhQWTyXT8+PFwOJyRkTE+Pk4QBEEQNpuNIIg4/F+9enXcXmEYNj09bbPZjh8/HvXaOM7KMAy7fv16Q0ODxWJpb2+nZ9rb2y0Wy7Fjx65fv46WcfWh5+njstnZ2dHR0agllOxflC21ruJTLIVEFTAQCOTm5qLhvXv3+vv7N23alJ+ff+LECZPJFLspbmEAyw/xFhTffQzGuAE3m828x1ORSEShUKB7fO5QKpW63W56iM4W/vnnH+YnGoIgeI+w0KZC80J2EKFQKCMjg3lgIr4RSzShNazDFmbILAiCUKvVFEXhOM466RLXgftJUKVSEQTB8lAorbxeRSIR5gzr5MdsNj/IWVl9fT2O4yaTye/3M+f9fn9TUxOO4/X19dyrkD4URYXDYblc/vnnn6OjGKH64ZYZ70FTLDXPe61QXpaqmEg9s/K71BCo/7+PiaVQxYuW61JfX9+ePXt4n52fn1er1f39/bGYEioMYHkRf48hSVIikaBzUjSkC3f//v1TU1N2u720tLStrQ1ZQOfpFovlySefRPOsIUVR+/fv1+v1brfbbreXlJSgfVUqVW9vbzAYdDqder2e+WrhbiriDK8d5nF/WVlZXV2dz+dzOp0VFRXiGzGvFVnDFI0V8sTExEsvvXTp0iW/3+/xeOrq6iorKymKqq+vLy8vt9vtXq+3s7Ozvb1dXAduj+no6CgrK7PZbFNTU/SnQpG0chPBio5Gr9czA3yQszKDwYCaARe3220wGChhfWhqa2tzc3N/+OEHNMNbP9zo6urqqqqqPB6P3W5/+umne3p6RMQJhUISicThcNBnj9xrKYG8LFUxkXrm5ndJIVCcHhO1UD0eDzpS4wpI70X/fYzf7z937pxCofjpp5+YzzLXf/XVVwUFBaFQiGvK5XIx/RQvDGC5EH+PoSiqra0tOzt7YGCAOezu7sZx/NSpUyqVat26da+//jr6spFprbm5ubW1FZliDSmK8vl8lZWVOI5rNJpTp04x3wS3bt0qlUoLCgpMJhPzvbWzs5O1qdA8rx1WsC6Xa8eOHTiOb968uaenh7kRNzru5z5eBZiisUJeWFhoa2vT6XRZWVkqlcpgMPh8PoqiwuFwU1OTWq3Ozs7es2cP+twnogMriZFI5MSJEwqFQiqV6vV6v98vklZuIrh5pyhqampq9+7d2dnZxcXFXV1dD/59TFSE9KExm804jjN15q0fbnQkSR49elShUKjV6ra2tkgkIl7zLS0tqOa511ICeaHuK4bjuE6ni6pYLGUWdwjMHhNLoYbDYalUSvcbroB0o6KRSCSbN2+mfxjCDITlcGlpaUtLC9fUjz/+WFJSIiILsByJ0mPigLequOh0usuXLwsNWTgcDu5X6ykhlujiUyBNiMMrbgdKN1D9pKfmXGIsoYe2S2NjI/3lfAIFZJkKh8MajYY+RgNWEin7O/9r166JDFkQBFFcXJxkjx424iGnivT06gFB9bMio3sIdHV10T82SaCALFNr1qw5e/bsc889lyj7QJqQ4v8lI8JHH31UWFhYVVV148aN1tbWlfFvsoCHBtRPAsnMzHz22WeTvQs0mBVJ6v+3vxDbt2/v7e1Vq9UGg6GxsfHw4cOp9ghYTkD9AEA6sIqiqFT7AAAAAKxM0vc+BgAAAFjuQI8BAAAAkgX0GAAAACBZQI8BAAAAkgX0GAAAACBZQI8BAAAAkgX0GAAAACBZQI8BAAAAkgX0GAAAACBZQI8BAAAAksX/ACZyvFLqCKRxAAAAAElFTkSuQmCC) --- HTTP POST data: ![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAAjCAIAAADNIk3yAAAACXBIWXMAAA7EAAAOxAGVKw4bAAALkklEQVR4nO3cb0wT5x8A8Ec8sMIVobYFocsAl7osisQowUwXM40zSkjjFJR1s0ajaJCQBp0jy4a4oUGcbi8aXqBBY/wXYxoyDS7MLA0hDrE5a4O1QVMrFjSlFHJixerze/Fkl/vdXVv+dZ34/by6Pvfcc8/3e8d926fADIwxAgAAAKIgLtYTAAAAMG1BjQEAABAtUGMAAABEC9QYAAAA0QI1BgAAQLRAjQEAABAt71iNyc7Ovnv3bqxnES3TO7opd/fu3T179ggapyqHZJzXr19v3br12bNnkx8QgPfTu1Rj7t279/bt28WLF8d6IlExvaOLBoPBkJWVxW+Zqhxy48THxyckJFRVVU1yQADeW/+hGvP48WO5XB6mQ0tLS1FREUJocHBw+/btKpUqMzPz22+/ff369YTPxd9ITU2d6NynABfduERM2riGim0GIhoaGjpy5AjZHhgYsNlslZWV/A5cDh8/fjzjH/Hx8YsWLbp06RLXTZy0Y8eOzZ8/f3BwUDAOQqiysrKtrS16QQEwvf2HakxE3E++wWAYHR1lGObmzZsdHR0//PBDrKc2BSZWY94rfr+/rq6ObLMsm5iYOGvWLH4Hfg5pmg4EAoFAwOPxfP/99+Xl5deuXZMc9s8///zpp5/MZjNXYvnjKBQKlmWjEg8A7wEq1hMYq76+PqfTuWrVqpcvX1qtVofDkZSUhBD65ZdfSktLube3Y0RRlFarldyICS66WE1gGhDnkFQglUpVUlLi9/tNJtOGDRsERz158mTLli2NjY2LFi0KNQ4AYMIif465ffv2ypUr5XJ5Zmbml19+ef/+fYTQq1evduzYIZfLP/zwwx9//PHNmzdc5+XLl8+ePVulUm3evPnp06dkXeLIkSMqlWrevHmnTp1CCL158+a7775LS0tLSkravHnzwMAAd7pff/01Ozt77ty5X3/99dDQENfe0tKydu3a+Pj42bNnP3nyhBQYhFBPT09GRgZC6OnTp1988UVSUtL8+fNPnDgRftknMzPzzp07go2///6b7L1x40b4nPA7iPNTUlLy888/cx2WL19+5swZhFBfX9+GDRvkcnl2dvbx48f5M+SiQwi9ePFi9+7dKpXqgw8+OHToEMktSePx48ezs7NTU1O/+uorfnI4ksdKXhfSTpIml8sXLFhw/vz5MCGTCRw7diwtLS01NXXbtm0vX77k2gXXN2IISUlJJSUlAwMD+/fvV6lUc+fO3b59+4sXL8KcaGhoKCsri2XZGTNmkHwK8HMolp+fb7fbBY2vXr3auHGjXq/funXrWMaJeGMAAAQi15jCwkKDweB2u9vb21esWCGTyRBCtbW1IyMjNputtbXVYrE0NjaSzlarddeuXf39/Xa7XaPRlJeXI4RYlnU4HHa7vbm5ecWKFQih+vr6tra2trY2p9OZkZHR3d1NDmdZlmGYjo6Ozs5Oj8dz8OBBbhqSS0kPHjyoqqpqaGhACJWXlycnJzscjj/++KO5uZnroxKJGLLBYFi9ejWpPQK3b99evXq1wWAIk5/i4mKz2Uz29vX1MQyj0+nIDBMSEnp6etra2s6ePcsflh9dRUWFx+OxWq2tra0tLS0mk4lLjs1mI8lxu93V1dXi6YU6VvK6cEnr7u6+fv06v8ZIJo1l2c7Ozq6urq6uLqvVWl9fz01McH3DhMAwTHt7O8MwHo/n448/9nq9Npvt1q1bLpeLi0jyRHPmzHE4HGQFTK/Xi2MPv9ioUCiGh4cFjXv37u3q6iorKxvjOGFuDACANByWz+ejKCoQCAjalUoly7Jkm2GY/Px88bE9PT3p6ekulwsh5PP5+LvUarXVahX0Jz2Hh4fJy46OjpycHLLNsixN04JBent7c3JyLl68iDEOBoMymcztdpNdV69eTUlJ4boJhA+ZnK6urk6hUBQXFzudTtLodDqLi4sVCkVdXR0Xu2R+RkZGkpOTyWRMJlNRURE3w0ePHolnyI8uGAzSNM11a2lpKSgoECenvb2dJMflctE0TRpDHStArst4k0YmwO+8dOlSbmL8SxM+BL/fz4UQFxc3MjJCXnZ0dHz00UdcN/GJBMHyt7HoDhHsJS1cdGRvY2OjVqstLS3duHFjqHEEQ0neGACAMCLUGIzxli1b8vLyjEZjQ0PDX3/9hTH2+XwIIeU/FAqFWq0mna1W65o1azIyMkh7SkqK+Kfd7/dTFBUMBgUnEvTkPxSuXr36+eefC/oXFBT89ttvZNvj8chkMm5Xd3c3d+yE+Xw+nU5HURR5SVGUTqfjHpEccX5II5nbmjVrzp07R2aYkJAgOUN+dIJuTqeT1INQyeG3hzoWS10XPM6kuVwuQWdy0cXXd7whiCOSPBEOW2MEd0jEGkNRlFqtdjgc/f39NE1zF058p4mHEtwYAIAwIq+VXbhwoampKTc3d3R01Gg07tu3LxAIxMXFdXV1MQzDMIzNZmMYhnTW6XSfffaZxWJhGOb69ethhp05c+bYP2yJly/6+vpsNtu+ffsiHjuBtTKE0MOHD8vLyy0WS21tLWmpra21WCx79+59+PAhv6c4Pwghslw2ODjY2dkZ8bfF/oXfKBv7dSEmlrQYiphDn8+XnJzMvXz79m1TU9OCBQvS0tIOHDhgNBrHOI74xgAAhDOuisQwjEajwRjTNC1e7Hr+/Dn/zR3DMJKfYzDGarWaYRhBY6j3ucFgUKlUcmsvRDAY5LcIln3MZvNk1srKyspomjYajV6vl9/u9XorKytpmi4rK5M8kMtPIBBQKBQnT57k1mHIDF0uF3nJLUwJoguz0BTxc0yoYyWvy3iTJljCMpvN3FqZ4PqONwRxRJInwqE/x4jvEPGsGhsb169fL7l3ZGREo9E0NTVJ3mn8zqFuDABAKBFqTHd397p1627evOn1et1u986dOwsLCzHGZWVlBQUFdrvd4/HU19fX1taS/mq12mQy+f1+p9Op0+lC1Zi6urr8/Hybzdbb20veFeLQzyCLxbJw4ULx3ATfguh0uk2bNvX29trt9ry8vMmslen1eq4YiLlcLr1eT7ZD5QdjXFpampycfPnyZe7ATZs26XQ6l8tlt9tzc3NDRbdz586ioiK3222325csWULW3EIlZ3h4mKIoh8NB1h4lj8VS12W8SSOPfn7nmpoa8cQmEILgZagTYYxZlqUoinwR4na7uSU1cQ7Jucjfx3i93osXLyqVyt9//52/l9//9OnT6enpra2t4jutp6eHm2f4GwMAIBahxoyOjtbU1Gi12oSEBLVardfr+/v7McaBQKCyslKj0SQmJq5fv55762exWJYuXSqTydLT041GY6gaEwwGDxw4oFQqZTKZTqcj7wpDPYOqqqqqq6sFIwieUBjj3t7etWvXJiYm5uTkNDQ0TP77mLEIlR+Msdlspmma+04bY9zf319YWEjTdFZW1tGjR0NFx7Lsrl27lEqlRqOpqakhxSPMA/rgwYOJiYnNzc2hjsVS14W0k6TRNK3VasMnjUzg6NGjarU6JSXlm2++IaFJXt/xhoD/v8ZInoioqakhwQYCAZlMRuqNOIekUBEURX3yySfkd0P4sQjmnJeXl5+fL77Trly5kpubGyotAIDwxrdWFhNarfbWrVvjOkRcgf5rHA4H+Sp7AtHFhORzObYnqqioIN/PT1UOxeMEAoGsrKympqbJDw7A++kd+Dv/Bw8exHoKU49hmJycHDRNo/t3NDQ0kF82maociseZNWvWuXPnPv300ykZH4D30DtQY6aNw4cPZ2RkFBUVPXr0qLq6enr8m7UYio+PX7ZsWbTPAgUGgMl4l/4n5rtu1apVJpNJo9Ho9fqKiopt27bFekYAABBdMzDGsZ4DAACA6Qk+xwAAAIgWqDEAAACiBWoMAACAaIEaAwAAIFqgxgAAAIgWqDEAAACiBWoMAACAaIEaAwAAIFqgxgAAAIgWqDEAAACi5X/+sWlQvULEdAAAAABJRU5ErkJggg==) --- Research's Comment: ![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAAjCAIAAADNIk3yAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAGUUlEQVR4nO3cX0hTbxgH8HdT5lwbbstNa6fyD0SESNCICpUQgrQRQRldjCYFQ8IyTjcmFIOi1sKbkJKIqAi6q668iv6MbtQfc5LldEM8s835J2s01nGrnd/FocN+un+aR8Xf93O18+w5z3nf3Ty85z1nEo7jCAAAgAikaz0AAADYsNBjAABALOgxAAAgFvQYAAAQC3oMAACIBT0GAADEgh4DAABiQY8BAACxrGSPYRhGpVLlHs9gZmamqalJo9FIJBKJRLJly5a2trb5+fnF1UZGRhoaGoqKikpKSs6dOxcOh/9yFn8jHA7funVrDQcAALCurNN1jNVqjcVibrebZVmWZd+9ezc0NGS32wkhO3bsmJ2dFTIbGxspivJ4PC6Xi2XZlpaWtRs1+f79+82bN9dwAAAA64pkBf9LhmGYqqqqHz9+5BhPJx6PKxSKYDCo0+mEYG9vr9VqHRwcTM6cn5/v7u4+e/Ysv7L5+PFjY2PjxMTE381j+ZY6UwCAjS37OmZycvLo0aMqlaq8vLyzs1Oj0fDx/v7+AwcOFBYW6nS6pqamQCDAx2/fvl1SUqLRaCwWy8+fP4U6KeMpi4RCIZlMxjeY3t7eyspKjUbT09Pz5csX8t97ZQUFBW1tbfxhPB5/9uxZfX29ULm2tlalUhkMhhMnTgwPDydPasENN4Zh+Hnx8Tt37qScQvK5i3PC4XBZWVkkEpFIJE+ePMnl1wcA2Niy95jW1laZTObz+V6/fv306VMh7nK5rFZrKBQaGhqiKKq1tZUQEolE/vnD5XI5HA4+OV08ZZFEIiGVSoWrnzp1anR01OVyJRKJdIN8+fKlQqHo6+t78OABHzGZTM3NzX6//8OHDzU1NXK5PMdfJBKJ9PX1LR5q1pyioiKPx6NUKlmWNZvNOV4OAGAj4zL69euXXC4fGxvjD1+8eKFWqxen+Xy+0tLS8fFxQojf7xeSjUYjx3Hp4imL8PlKpZLjuGg0KpVKZ2dnOY578+YNf2nh22TRaNTpdFZVVXV3d3McNzc3l5+fz7JsunktKDI+Pi4UzzrUDDkpxwYA8L+VZR0zPT2dSCTKy8v5w127dglfDQwMHD582GAw6HS6ffv2sSxLCJHL5du2bROS/X4//zldPGURwdzcnEwm27x5MyGEoqgM4ywsLKytrXU4HPw6RqPRnDx5cv/+/ZcvX+7s7Hz//n3maSZLN9Sl5gAAwPKfKzt+/HhdXZ3T6XS73T09PWIUSb5plvJGWTwe7+/vFw4rKiqCwSD/+fnz5w8fPqyuro7FYjRNX7hwYXkjBACAZcvSY/R6vVQqZRiGP/R4PPyHmZmZYDB49erVyspKg8Eg7HawLCs81jU6Orp9+/YM8XRFpFIp31G0Wi3Lst++fSOEpFwrJBKJgwcP8gkLrkgI2bt3r8ViuXLlyqNHj169epV8olarjUajwgNg/NMEmaeQLJccAADI0mPy8vJMJtOlS5cYhvn06ZPNZuPjOp1Oq9Xev38/HA57vV4hTgihaToQCPDJJpMpQzxdkeLi4lgsNjAwsGnTppqaGrvdPjk52dXVtXh4BQUFR44cOX/+fCAQGBwcbG9vb25uJoQMDw83NDS8ffv269evExMTXV1de/bsIYTwb3ESQlQqldFopGl6amrK6/W2t7cnl005BeHcDDnFxcUsy3q93sy/KgDA/0XWHZtQKGQymZRKZVlZmd1uF/b8nU6n0WiUy+WlpaU0TavVan7H2+Fw6PV6tVp95syZaDTK/dkJXxxPWYSP0zTd0tLCcdznz5+rq6vVanVHR0fKPf/p6enTp0+r1WqKom7cuMEHY7GYzWbbuXOnTCbT6/VmszkUCi040efz1dfXK5XK3bt33717N7m43W5POQX+xHQ5PJvNplAoHj9+vKztMQCADWVp72COjIzU1dVNTU2J1/MEv3//zsvLW4ULJcvlJUq8aAkAkKOl7fm73e6KigqRhrLA6jcYAABYWflZM65fv75169Zjx46NjY11dHRcu3ZtFYYFAAAbQPZ1zKFDh+7du0dRlNlsvnjxosViWYVhAQDABrCS/4kJAACQbJ3+tz8AAGwA6DEAACAW9BgAABALegwAAIgFPQYAAMSCHgMAAGJBjwEAALGgxwAAgFjQYwAAQCzoMQAAIJZ/AZNsfBS138U7AAAAAElFTkSuQmCC) --- **Screenshot:** ![gabba.up.pt vulnerability](/twimages/screen-1159175.jpg) **Mirror:** [Click here to view the mirror](<http://1159175.openbounty.org/mirror/>) ### Coordinated Disclosure Timeline Vulnerability Reported:| 11 May, 2020 19:12 GMT ---|--- Vulnerability Verified:| 11 May, 2020 19:19 GMT Website Operator Notified:| 11 May, 2020 19:19 GMT a. Using the ISO 29147 guidelines| ![](/images/done.png) ---|--- b. Using publicly available security contacts| ![](/images/done.png) c. Using Open Bug Bounty notification framework| ![](/images/done.png) d. Using security contacts provided by the researcher| ![](/images/done.png) Public Report Published [without any technical details]:| 11 May, 2020 19:19 GMT