Open Bug Bounty ID: OBB-1173348
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: entrecidadesdistancia.com.br
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: g0bl1nsec
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
HTTP POST data:
Screenshot: ![entrecidadesdistancia.com.br vulnerability](/twimages/screen-1173348.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 26 May, 2020 19:24 GMT
Vulnerability Verified: 26 May, 2020 19:40 GMT
Website Operator Notified: 26 May, 2020 19:40 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 26 May, 2020 19:40 GMT
Vulnerability Fixed: 5 July, 2020 19:30 GMT