Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
| --- | --- |
| Affected Website | web72.com.br |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | xav0 |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
Vulnerable URL:
Coordinated Disclosure Timeline

| Event | Date |
| --- | --- |
| Vulnerability Reported | 10 July, 2020 14:51 GMT |
| Vulnerability Verified | 10 July, 2020 15:00 GMT |
| Website Operator Notified | 10 July, 2020 15:00 GMT |
| Public Report Published (without any technical details) | 10 July, 2020 15:00 GMT |
| Vulnerability Fixed | 14 August, 2020 16:47 GMT |

Website operator notification channels (all completed):
a. Using the ISO 29147 guidelines (done)
b. Using publicly available security contacts (done)
c. Using Open Bug Bounty notification framework (done)
d. Using security contacts provided by the researcher (done)