Open Bug Bounty ID: OBB-1173411
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: adunse.com.ar
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: ronygigi
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Coordinated Disclosure Timeline
Vulnerability Reported: 26 May, 2020 20:43 GMT
Vulnerability Verified: 26 May, 2020 20:49 GMT
Website Operator Notified: 26 May, 2020 20:49 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 26 May, 2020 20:49 GMT
Vulnerability Fixed: 29 June, 2020 13:39 GMT