
autoportal.iol.pt Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1159591

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[autoportal.iol.pt](<https://autoportal.iol.pt>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **Yashodar**
Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)**

**Screenshot:** ![autoportal.iol.pt vulnerability](/twimages/screen-1159591.jpg)

**Mirror:** [Click here to view the mirror](<http://1159591.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 12 May, 2020 13:12 GMT
---|---
Vulnerability Verified:| 12 May, 2020 13:25 GMT
Website Operator Notified:| 12 May, 2020 13:25 GMT
a. Using the ISO 29147 guidelines| Done
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done
Public Report Published [without any technical details]:| 12 May, 2020 13:25 GMT