Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: safeticket.com.br
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: xav0
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Coordinated Disclosure Timeline
Vulnerability Reported: 11 June, 2020 14:48 GMT
Vulnerability Verified: 11 June, 2020 15:03 GMT
Website Operator Notified: 11 June, 2020 15:03 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 11 June, 2020 15:03 GMT