Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
Affected Website: consalud.es
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Disclosure Standard: Coordinated Disclosure based on ISO 29147 guidelines
Discovered and Reported by: xav0
Remediation Guide: OWASP XSS Prevention Cheat Sheet
Vulnerable URL:
Screenshot: ![consalud.es vulnerability](/twimages/screen-1195740.jpg)
Coordinated Disclosure Timeline
Vulnerability Reported: 13 June, 2020 11:38 GMT
Vulnerability Verified: 13 June, 2020 11:47 GMT
Website Operator Notified: 13 June, 2020 11:47 GMT
      a. Using the ISO 29147 guidelines: done
      b. Using publicly available security contacts: done
      c. Using Open Bug Bounty notification framework: done
      d. Using security contacts provided by the researcher: done
Public Report Published [without any technical details]: 13 June, 2020 11:47 GMT