
cancundiscovered.com Cross Site Scripting vulnerability OBB-1218943

Description

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website | **[cancundiscovered.com](<http://cancundiscovered.com>)** |
| Vulnerable Application | Custom Code |
| Vulnerability Type | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)>)** / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by | **ELProfesor** |
| Remediation Guide | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |

**Mirror:** [Click here to view the mirror](<http://1218943.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Event | Date |
|---|---|
| Vulnerability Reported | 8 July, 2020 16:18 GMT |
| Vulnerability Verified | 8 July, 2020 16:28 GMT |
| Website Operator Notified | 8 July, 2020 16:28 GMT |
| Public Report Published [without any technical details] | 8 July, 2020 16:28 GMT |
| Vulnerability Fixed | 11 August, 2020 17:46 GMT |

Website operator notification channels used:

| Channel | Status |
|---|---|
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |