Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
| --- | --- |
| Affected Website | td-barselona.ru |
| Open Bug Bounty Program | None listed |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 (Medium) [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | geeknik |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL: (shown as an image on the original report page)
Screenshot: ![td-barselona.ru vulnerability](/twimages/screen-1207439.jpg)
Mirror: available from the original report page
Coordinated Disclosure Timeline

| Event | Time |
| --- | --- |
| Vulnerability Reported | 26 June, 2020 14:34 GMT |
| Vulnerability Verified | 26 June, 2020 14:44 GMT |
| Website Operator Notified | 26 June, 2020 14:44 GMT |
| Public Report Published (without any technical details) | 26 June, 2020 14:44 GMT |
| Vulnerability Fixed | 17 July, 2020 19:59 GMT |

Channels used to notify the website operator (all completed):
      a. Using the ISO 29147 guidelines
      b. Using publicly available security contacts
      c. Using Open Bug Bounty notification framework
      d. Using security contacts provided by the researcher
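The report gives no technical details, so the following Python example is added here only to illustrate the remediation the listed OWASP XSS Prevention Cheat Sheet prescribes for CWE-79: encode each reflected value for the exact context it lands in. It is not code from td-barselona.ru, whose application is described only as "Custom Code"; the request parameter `q`, the page layout and the payload are all constructed for the example.

```python
"""Context-aware output encoding against reflected XSS (CWE-79).

Added illustration of the OWASP XSS Prevention Cheat Sheet approach; not
code from the affected site. Parameter name, template and payload are
constructed for this example.
"""
import html
import json

# Constructed attacker input of the kind a reflected-XSS report exercises:
# it closes a quoted attribute and injects a script element.
PAYLOAD = '"><script>alert(1)</script>'


def render_vulnerable(q):
    """Reflects the query verbatim into three contexts.

    Deliberately unsafe: this is the CWE-79 pattern, one value reaching an
    HTML attribute, HTML body and a JavaScript string without encoding.
    """
    return (
        '<input type="search" value="%s">'
        '<p>Results for %s</p>'
        '<script>var q = "%s";</script>' % (q, q, q)
    )


def encode_html(value):
    """HTML body and quoted-attribute context: escape & < > " and '."""
    return html.escape(value, quote=True)


def encode_js_string(value):
    """JavaScript string-literal context.

    json.dumps escapes quotes and backslashes; '<' and '>' are escaped as
    well so the literal can never terminate the enclosing <script> block.
    """
    encoded = json.dumps(value)[1:-1]
    return encoded.replace("<", "\\u003c").replace(">", "\\u003e")


def render_hardened(q):
    """Same page, each reflection encoded for the context it lands in."""
    return (
        '<input type="search" value="%s">'
        '<p>Results for %s</p>'
        '<script>var q = "%s";</script>'
        % (encode_html(q), encode_html(q), encode_js_string(q))
    )


def is_injected(page):
    """Detection check: any <script> element beyond the single one the
    template itself emits means the reflection broke out of its context."""
    return page.count("<script>") > 1


if __name__ == "__main__":
    print("vulnerable injected:", is_injected(render_vulnerable(PAYLOAD)))
    print("hardened injected:  ", is_injected(render_hardened(PAYLOAD)))
```

The point of having two encoders is that a single HTML-escape is not enough for the script block: inside a JavaScript string a `"` or `</script>` is what ends the context, so the string literal needs JavaScript escaping, and `<`/`>` are additionally written as `\u003c`/`\u003e`. A Content-Security-Policy header is a useful second layer but does not replace output encoding.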