logo
DATABASE RESOURCES PRICING ABOUT US

biblioteca.univap.br Cross Site Scripting vulnerability OBB-1222215

Description

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence. Affected Website:| **[biblioteca.univap.br](<https://biblioteca.univap.br>) ** ---|--- Open Bug Bounty Program:| **Create your bounty program now**. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines Discovered and Reported by:| **haxmov ** Remediation Guide:| **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** Export Vulnerability Data:| Bugzilla Vulnerability Data JIRA Vulnerability Data [ Configuration ] Mantis Vulnerability Data Splunk Vulnerability Data XML Vulnerability Data [ XSD ] Vulnerable URL: ![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAABzCAIAAADBrEUFAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nO2df0xUV/rwj5TaAS4o4zAioIBW624J2soa6GLr2kZZSsgUFV1KrbWGdik1rrEuxa6lpkWXqrVqienaBLuNbYxLJsQ0rLG7LeuyBJGOSCil1godRxYBRQc6InLfP86793t7z485d5hhBnk+f829c+5znvM8z71n5tx7n2eSLMsIAAAAAHxAkL8VAAAAAO5ZYI4BAAAAfAXMMQAAAICvgDkGAAAA8BUwxwAAAAC+AuYYAAAAwFcE7hyTmJh4/vx51ibgR8bSF+B3ABjXBOgcc+HChZGRkQULFlA3AT8ylr4AvwPAeMfNHNPR0REeHk79qr+/f9euXazNUVJdXZ2dna3ZZCmj3j+aNmq8O5xRIqLwmElWXONdrajSNGHgtr0Xuw4o+Bpev379hRdeiIqKio2N/eMf/3jnzp2x1I3PV1999cgjj4SFhaWlpV24cMG7wkVO0sB37r2PzOXy5cuSJIl8xWnpAYsXLz516pRmk9OFy+Xiq6HZr7Rn4d3hjB63CnuGB8NUu8a7WpHSNGHgtr1nBJqvSfgaZmdn5+Xl2e32tra29PT04uLisdSNT3R0tNVq7evrKy0tTUlJ8a5wEccFvnPveQJxrezq1avt7e1Lly6lblJ54IEHdHWht73fCRCFNb7wrlYaaW79HiA28S8//fRTU1PThx9+GBsb+9BDD+3bt+/EiRP+Vur/GB4eTklJiYyMTElJGRoa8rc6gB8QmmPef//9xMTEadOmPffcc/39/Qih/v7+hIQEp9M5adKko0ePqjf37dsXHh7+7rvvTp8+PTIy8vnnn//pp5+wnLNnzy5ZsiQ8PDw2NnblypXffPMNtbvq6urly5fff//91M0///nPGsnk32GyjRp1+4GBgZdeeikqKmrmzJlvvfXW3bt3ydEhhG7fvv3iiy+Gh4fHx8e/+eabuBlC6O7du6+//vr06dPDwsJWr17d29uLh5mWlhYSEhIVFbV69eorV66wesebkZGR6q/27t2bmJgYGRn57LPPYmurD1mzZs0777yjHJ6Wlnb06FFqj/goqiM0sEy6a9euqKioGTNmfPTRR6Qv1FqRnmX1zho+6UR1Xyz5pN3CwsLWrFnT29v72muvRUVFTZs27YUXXhgYGBA3CMvXJNR4Zh3O8ZHGztSgQrTTECEUEhLy448/hoWF4c2LFy/GxMQghK5cubJixYqwsLA5c+a89957VCOrY4+qNqneBx98sGLFCkXC9u3bn3/+eZZ9EEKFhYWZmZmvvPJKSUnJsWPHRAxIPSVJTciTlAMZ4boGInjhAqi4n2OcTqfNZqurq2toaHA4HMXFxQihKVOmtLW1SZLkcrny8/PVm88884zT6WxoaGhsbGxsbGxqaiovL8eisrKy1q9f39nZeebMmfT0dIPBQO2RejNGUabxf6glaxR220Zh06ZNDoejqamppqamurq6oqKCHB1CaOfOnYODg83NzTU1NbW1tYcPH8aHl5eXnz59+vTp0+3t7TExMa2trQihpqamgoKCrq6ulpaWuLi4oqIit0ZWK9/c3Iyt3dnZWVJSommQm5trtVrx56tXr9psNovFwuqR5QgRczmdzra2tpaWlsrKyvT0dLyTdYOE6lmR3jmo+3IbOThKz5w5Y7PZHA7H/Pnze3p6mpub6+vrL1++rJhRRCWWrwVHzTqc4yONnalBRT0NNXz77bdbt27ds2cPQqioqCgiIqKtre3UqVOVlZVurc1SW6OexWKpra29deuW4qOcnJwoAkWsJEmXLl2qrKysqal5+OGHRQxIPSVJTciTlAU1wnUNRPDCBdDhL6VdvnwZIXTz5k28WVdXN3v2bOUr6v0YfEhnZyfeX1VVhddh+/r6goODqWvonZ2dCQkJ+LPT6ZQkqa+vj9xkSVZrItgGfx4eHsbnAN5fXV2dmppKHZ3JZHI6nfizzWZbvHgx/mw2m5uamjgGvHjxYnR0tMakGrtNnTpVrbxi7TNnzmBrqw8ZHByMiIjAA6yoqMjOzmb1yDKFRhmWuRBCihcwGtcoWlE9K+II9fA1+9V9seRrnH7jxg3FbkFBQYODg3izrq7uwQcfFFeJ5WsNrHgWOVzjI42dyaDinIYKdrt99uzZn332mSzLw8PDBoNBPVKqkdWxR1Wbql5qauqJEycUaS6Xy06AWx45ciQ5Obmrq2vp0qUZGRl44GazmWNA1ilJ1UTwfgzrLBAcCOfCBYgQ7HYSkiRJ+X8dExPT19fn9hCDwTBz5kz8ef78+Z2dnQihyMjIVatWpaamLlu2LCYmJiUl5YknnlDE1tXV4c+nTp1avHix8hdes0mVLNI7le7u7qGhocTERKUxjkgN169f7+npSUhIwJsjIyPBwcEIof7+/r6+vuTkZE37r7/+etu2ba2trUNDQyMjIyMjIywFSNTWjouLI60dEhKSmZlptVpfffXVqqqq9evXc3ocjbkkSVLMjtH4QoHlWXFHkKj74kSOgiRJU6ZMwZ/j4uIiIiJCQkLwZkxMTE9Pj6BBWL5GCKl/nl+7do2qFedwlo80dmYFldvTcNWqVZs3b16zZg1CqLu7GyGkHiniwlGbDAOLxXLy5MmVK1eePHkyMzPzgQceiI2NpYotKSmpqamZPn36sWPHkpOTd+3ahW2Fv6UakHNKkpoIwnK64EBEwg/g4H6O8SKffvrpuXPnWlpaHA7Hli1bHnvssYMHDyKE7rvvvhkzZuA2nIUyf+FyuYKCghobG5UTLyjo/9YY77vvPk17i8WycePGw4cPGwwGu92ekZHhXX1yc3MPHTqUn5/f0NBQVVU1Bj1iOL4gPbt161Yv9uV1+Sw4vrbZbJrGpFYlJSWsw3X5iAwqPlevXm1ubv7Pf/6j6ygFfoRryMnJwWt6J0+exD9x1LMv5tq1a9euXevr63vkkUcQQjNmzKisrLRYLI2Njcq6K2IY0LMheIDgQKh64gsXIAT/bw5/YUdkrcxqtVKfWbTZbHFxcZqdw8PDJpNJ+aes2WRJ5qyVsdroXSuTJIm6JmY2m202m3pPd3d3cHCwepiKxTA3b94MCgpSL4hxTEpd4nC5XEajcf/+/Tk5OZweRRwhYi6MxhfUNooCcXFxLMms4aulkX1R5ZMO1diNNKPIYFm+5qPEM/Vwjo9IG5JBxR+gLMvDw8Nqc2nWyqxWK27PiT2q2iwXJyUlnT59eurUqVgUdYkJ69De3q4cVVBQgBBqaWkhBcr/MyBnrYzUxIO1Ms1ZIDIQqp78TgE1ns8xTqczODhYiSFlEzt11apVdru9paVl4cKFpaWlsiy3trZmZGT84x//6Onp6ezs3LhxY1ZWliIZL3fW1tYmJSUpOzWbLMnkHEO2uXnzZnBwcFtb2/DwsLr9xo0bs7OzOzs7W1paHn300QMHDlBH9/LLL6empuIfMuXl5Tt37sT7y8rKFi9e3NzcbLfbi4qKamtrZVk2m80VFRU3btxob2+3WCyKxZQl3cWLF2/cuLGrq6u9vT09PV3vHCPLcl5eXkRExPHjx/EmtUeWKeSfv07k1qRUX6jbUD3L6Z06fHWPmr5Y8j2bY/ixwfG1BlY8sw5n+Yi8SpJB5XaOkYm3hSwWi3qkSntW7FHVZl3Ed+zYkZycrD5/qRQWFj722GMtLS09PT2VlZUmkyk6OvqNN97gG5B6SlI10ZykVDhxKDgQ/oULcIvnc4wsy6WlpaGhoZWVlerNvXv3SpK0e/dus9k8derUdevW4buvQ0NDpaWl8+bNmzx5stlszs/P7+rq0vSydevWkpISRb5mEzcrLy/XSCYvN2QbWZaLi4uxtur2TqezoKDAZDLFxcWVlpbiqww5OpfLtXnz5ri4uNDQ0MzMTPU/rW3btplMJoPBYLFYenp6ZFmura1NSUkxGAzR0dFbtmwhryYXL15ctmyZJEm//OUvDxw44MEcY7VaJUlShsbpkXSEiLnIHjW+ULehepbVO2v46h41fXHk8+1GNSNVJSU2OL7WwIpn1uFuo0KBDCq3cwy5x263L1++PDQ0dPbs2Xv27FG+ZcUeVW3OX1WEkHLis3C5XMXFxQkJCQaD4dFHH/3kk08uXboUGhqKf4qxDEg9JVmaaC5BJJwLguBAOBcuQAQ3c4wHiPyBZTFv3rz6+nrWJqCL0TiChPQFX74Xw8BbeNcg4wjq/57R4HQ6DQaD5imv8cg9M5BAZkzv+bvl22+/5WwCfmQsfQF+D3BOnTqVnp7u2VNeAcU9M5BAJrDmGGC8cOfOnbq6uri4OH8rAow1/f39hw4dWrt2rb8V+RnkI2GYS5cucbL6BuBA7j1gjgE8oaCgoLq6+siRI/5WBBhrzGZzVlbWunXr/K3IzyCfLMdwki4H5kDuQfy1SPfll18uXLgwNDQ0NTW1ubnZKzK9vu7sI7G+GLsgLpdr7dq16tsSPT09+fn5JpMpJiamuLh4aGhIXM/NmzcbDAb1YxSaex43btwoKyvz7hBwp/jREk4zt7eLRHxKmsun8M3FMrJXhHMIwDDwRVyxEIwB9dh9cRUav/htjvFF0u/xMsf4NOE5B5fLtXTp0lWrVqlPmMzMTCUzfGpqqvJoqVs9e3p6goKCbDYbfvIHPzvLemvKW6g75af3GP0cQzWXT3FrLqqRvSWcRQCGwZg9viEeAzDHsPBbbv+JnPTbX2Pv6up66qmncM5EzMDAQE1NTUVFBc4Mv2fPnuPHjwvq6XQ6Q0NDFyxYgF9KH5tM++pOfd0jaS6/45dyBgEYBmOGeAwEBwfPmzdP/QH4/7idhYaHh4uLi81mc2ho6KpVq/ArIJxn2MvKyvDLVkeOHJFl2eVybdiwQZKkWbNm7dixQ3kBBb/9VFhYmJycTL76Ky4fvwcgSdK8efPKysrUz/uT/VIlUNElVpblhoaG9PR0SZJiYmJycnJaW1tZpuOPndSQ/woL68F/DuJvlnD0VDKAIYRYiyQ3btxQtxm9U9SdatbKSMnkT12WT8XNxUHvabJnz56EhISpU6fm5eXhbJ4ac7EiQZHAf/NJ/rk3SV+QurEcEWhhoBF46NCh5cuXK9+WlJTk5OSwTg3W+ctnwj717hXczzFlZWUpKSn4reNNmzbh96c2bNiQlZVFvouLEFq3bl1XV1dNTU1bW5ssyyUlJWvXrr106VJra+vSpUsPHTqExZaXl0uSFBoa6nA4yE7F5eP3mTs7Oy9evJiUlKScVNR+qRJMBHrFyrJsNpuPHDnS19d36dKlffv24VfYqKbjj53UUHlRWVFGeRWfup81InUXgnMM30dKZnX1BV0jUN1Gl1NYKAIvXbqk7oiUTF4XWD7lo5HDsq0Hp4nD4cAv2xcWFlJNSkaCYmRWSHC8qfEFqRvLEYEcBsPDw3a73WAwKAlykpKS/vKXv7BODdb5y4eMJf4pBqhxP8eQmcZ15d+m5gznJ/0Wl8/KYc7ql6ohmaRIr1hW9m9q5n/+2EkNL3PT71OTlvPTLgnOMXw9WXL4C/HiTmHB6oiUrGnA8algjxiWbfWeJmQFB5kwKRkJ6jlGvG4CKZyqG9URAR4GGE2W/vb2dtapIVi4gd+dLJbZDMC4eXaZmmlcPP82K2c4P+m3uHxWDnNducrJhN5Xr17VJZaa/ZuVpJ0/dqqGrOTkrP2sXOu6cKunXnQ5xVuSFfSmu2dBta0Hpwm/goPSjGWW0dRN4OhG9jguwkCTpX/y5MlU+4jEiSBeOcUmCEIm1ptpXIGaM1wk6fco0ZWrnHx7q7m5Wa9YMvv322+/jQjTjcHYqSPCKcrF8YWeupwyesk+epiCY1uPT5OAZbyEAZml39ddj/4Umzi4mWOmTJliNBrPnz+/YMECZafZbJ48efIPP/yAfwe1tbUpPw00zJgxIzQ0VAlTzN27d4ODg7/77ru5c+cihJ5++ukNGzZ8+OGHLS0teuWbzWaE0I8//oh/s+D/yKx+WZBvb3kmdtGiRYsWLUIIZWZmZmVlHTx4kDSd0Wjkj52Ky+VSKzNr1iz+ftb7aCQmk2lwcLC/vx8X+LLb7XjsnunJR5dTRi+5o6ND3YblU71QbTvK08QDqK43Go2Dg4O3bt3Cf5LsdjvrcEHdxksYzJ0712w2f/HFF/X19cePH+/r66Pax4tdi59igNA9fzJ9vXj+bWrOcH7Sb13yWTnMdeUqJ9EllpX9m2o6/thJDZUbvGT6fep+t2i6yMjIyM/PV+4/K5q49RF1IV6TJ1+kRIKuh3ZYK/6kZI0mMtunuszFwuPT5DKjXgY1EjT3/AXrJpDCqbpRRxqYYUBm9Vdn6efYR7BwgwZ4rmw0CD27TKavF8+/Tc0Zzk/6rUu++oFUdQ5zXbnKSXSJZWX/ppqOP3bWlYX1oCo1Uz0fTRfd3d15eXlGo1Hznr9bH7GeHVDnyZcFSiR4ZY6hStZowvKpLnOx8Pg0ucyol8GfY1jP5rJS92uEU3Vjnb8BGAYykdVfnaWfc2oIFm7QAHPMaJgky7Lf/kMBAnR0dCQlJd26dUtwPwBMQAYGBkwmk8PhiIyMhFMjoPDbe/4AAADeArL0Bywwx3iNxMTE8+fP+1uLQESvZaIY+OKX6Zj1df78+d///veaneMiZhITE8+dO/e73/3uv//971j2K+4anKU/NzfX1x0BHgC5/b3DhQsXRkZG1I8VARgPLONBnnaPGbO+1q9frylVMi5iBiu5aNGiyZMnb9269a9//euYdS3umlFm6R/LeJuIeOvGjtvbYnpTZI8v3n777aKiIr7yY5woPkDAlvGWNI+Tunt8oMcBqe4RJyfWZIIQiRm/o7ivqakpOjrabfsALAQgiO8cMTFPfIUxWiu7fft2RkbG8PDw2HQ39lRXV2dnZ3Ma3PMWYOHWMrrAF6CxPNBj1D3i5MSanMTetYyPUJQ0Go1Op9Nt+7Vr15aWltrt9oyMjA0bNmi+7e3tPXDgQH19fX5+fnx8vDqlpsLYe8qnTNgTX2GM5pgATJPuRa5evdre3r506VJOm3vbAixELDMxGReW8UDJiVwIgMrEPPHVuJ9j/v73v4s3eP/99xMTE6dNm/bcc8/19/cr++Pj47dv3y4umSrn7NmzaWlpISEhUVFRq1evvnLlCkLohx9+CAsL+/rrrxFCvb29kZGR//znPzs6OsLDw/fu3ZuYmBgWFrZmzZre3t7XXnstKipq2rRpL7zwwsDAAJY5MDDw0ksvRUVFzZw586233rp79+6aNWveeecdRZO0tLSjR4/yNa+url6+fPn999/PUZ5qAb4R1A3ER0S1Ej58165dUVFRM2bM+OijjxBCV65cWbFiRVhY2Jw5c9577z38TA5uqfTe0dGhflbn9u3bL774Ynh4eHx8/Jtvvnn37l3WTtIypKk144qMjHz22WfV7l6yZEl4eHhsbOzKlSu/+eab/v7+hIQEp9M5adIk7BTBwZIHUqFK00AdrAc9isTM2AQ8QogV8xol1bDitrCwMDMz85VXXikpKTl27Jj6q97eXrVNNJGGIe0maHCqMpyh8X3twVnAgnXiTxzczzHr169/8sknz507R3519uzZJ598UkkQ5HQ6bTZbXV1dQ0ODw+EoLi72TDJLTlNTU0FBQVdXV0tLS1xcXFFREUIoMTGxpKRk8+bNCKEdO3ZkZmb+5je/UYScOXPGZrM5HI758+f39PQ0NzfX19dfvny5pKQEy9y0aZPD4Whqaqqpqamurq6oqMjNzbVarfjbq1ev2mw2i8XCGjJGvejhLSOwzOt2RFQr4cPb2tpaWloqKytxcqeioqKIiIi2trZTp05VVlby9cTs3LlzcHCwubm5pqamtrb28OHDrJ2kZUhTK4o1Nzdji3V2dioDycrKWr9+fWdn55kzZ9LT0w0Gw5QpU5Sk7vn5+eKDJQ8kHyLiSHNrAZEeNYjEzNgEPEKIFfOc1TxW3OJ0zpWVlTU1NQ8//LD6q2nTpvFtghAi7SZocKo0ztBEfM2CE/DiUCPw3sTtHRun01lWVmY0GnNzc5XkDe3t7bm5uUajsaysDOfK1mQsr6urUzKWK2juqlEli8iRZfnixYvKHcihoaH58+eXlpaaTCb8gj0Wgks/ybJ85syZoKAg5V3furq6Bx98UGZkOB8cHIyIiMCJwSsqKrKzs1lDVkYhSRLOSe5WefK+oi7zuh0Ry0riZRH4b6FTU6Oz8qWrLaM30T2rXALnxixnsOSBbnOzq6V5lpeeU0NBV8xo9JG9HfCyLFNjXq0kdQhk3AZgIQDW6UzaVrDmBUslPhO5OoDoc2V9fX0WiyU4OBhvBgcHWywWJaZld16htqFK5shpamp66qmnYmJiTCaT0WhUyz99+jRCCOeDcquMsulwOCZPnqzsb29vx6fx2rVrsainnnrqk08+YQ0ZU1VVtWzZMkEjsC6RozSvWyuR/TocDoPBoGy2tra6nWNwCnqlKJPRaDSbzdSdpGVYpuZ0t3bt2oULF27ZsmXPnj1ffvkl1Q6Cg+VYXo1baazBuu1R00AwZsYs4GVazKuVZI1RE7dKER2Hw2EymcrKyurr6xcuXMi3CWeO0WVwFtTTmbSt4BzDCXgOAf70oE8Ruuf//fff4zR/O3fuxHt27txZW1tbWFj4/fffj+ZfFCmZg8Viefzxx2tra2022+eff67+qqurKygoqKurazTKKOD/19evX29oaFDWClhDHv3TQd41L8dKo0RJjW6z2Ww2W3Nzs81mo+7E7UdpmU8//RT/Lh4aGtqyZcurr75KtvF4sNSVCrfSOIPVhaBlxizgES3m3SqpiVuyEMCOHTvKy8u9UghgNAanns4eR463YgDWyv6Pl19+WZKkLVu2KOXoMT09PZs3b5Yk6eWXX5Y9+h9DlcyS093drfxckmXZZrOpa5VHR0d/9tlnRqOxtbXVrTLKJmvpwOVyGY3G/fv35+TkcIaMJZhMJkWCB/9jvGJet1Yi+9WslVmtVtzy5s2bQUFB6sUrdUeSJJGVPak7NZbhrJW5DRs8kLi4OE178cGSO8mVCkFp1MHq+h8jGDNjGfAyEfMaJckuyLjFEaXOhVxQUIAQamlp4duEv1YmbnAW5OlMta1apgdnAR9YK+ORn59/+fJl1reXL1/Oz8+XPZpjqJI5csxmc0VFxY0bN9rb2y0Wi7K/sLAwNzdXluW333576dKlbpVRb1Kzr8uynJeXFxERcfz4cc6QZVmura1NSkoSUZ7agGUEsi/xEVGtRD0nWbnuOfnhqanRqTs1lpF1JrpnlUvQJHUXHyyZDZ6EKk2Tpl48L726x87OTmVlUjxmxjLg5Z/HPOm+ixcvqmVS4zYwCwHItNOZtK1GDb1nAZ+JvFbmq/f8xe/HiMupra1NSUkxGAzR0dFbtmzB+xsbGyVJwr/HXS5XQkLCxx9/LH7KUbOvy7JstVolSXKbLX/r1q0lJSXiRvA41MRHRLUStV+c6z40NHT27NnqXPec/PCsSg3kTo1lZJ2J7lnlEuSfJ3UXH6xMZIMnoUqTf56mXldeeqVHl8ul/MYXj5mxDHj55zFPuu/EiRPJycks02ECthAAeTpTbatWQ+9ZwAfmGMBD5s2bV19f728tvABrkcpj7hnLeItNmzbhW+jjwjIaJfFkduTIET+qBIxToH4MgBBCHR0dCxcuvH79ur8VuWe5c+eOzWb71a9+5W9FPOTf//73r3/9a39rAYw/YI4BEII5BhjnsJ7LunTp0hikT/Zv7wEO5PYHAGDc49/8/FAdgAP8jwEAAAB8hZt3MJXccNQEdnoJHCFqvvrqq0ceeSQsLCwtLe3ChQuCR/X39+/atYvTQFDP3t7e5557LioqKjY29vXXX79z5464Yn/4wx9CQkL27dundKTp1K2S9zx8C4wmvEdjW/CsLwCbBChunwrAOaO88uxd4AhREx0dbbVa+/r6SktLU1JSvKWGoJ6ZmZl5eXl2u72trS01NVX9MgFfMVz2ymazDQ8PK3m9+K+zTUDcWsDj8B6NbcGzvgBsEpi4zyVzz9d44Fe88CkDAwM1NTUVFRWxsbEPPfTQnj17jh8/LqiYuhTHPe8j3+EX04FngQkEfwrS5HvYv39/QkKC0WjMz89XMjY2NDSkpqYaDAaTyYTfG3crTZbllpYWo9GovJzFejWsoaEhPT1dkqSYmJicnJzW1laOJqw30fD+PXv2JCQkTJ06NS8vT51ucseOHcnJyYWFhcnJyeq8FxiXy7VhwwZJkmbNmrVjxw6s2I0bNxQD4je2SCOM8oVTvmLqAoJ79+6lvtemUZI6ENy+rKwMv5J95MgRvq1Yw8TtQ0NDc3Nze3p6tm7ditMFrl+/XslQS1WAxfDwcHFxsdlsDg0NXbVqlZKwhIwTjsIaC7AGq9hh9+7dZrN56tSp69atw+/rsRxEBgDnDVN1j77wLMu21N7VL97u27fPbSJUQcmHDh1avny5IqGkpGTdunW6nCtuQOoFh7QJECDoqIOpq8oFn/7+/pycnN27dy9ZsgTvYRUXIYuIcDThK08tUoK4FS8Qo1aEeCETNXqz4HEUU5fieOaZZ6iHa5QUr8PBsRV1mIKVS1gKUM1SXl5++vTp06dPt7e3x8TEtLa24sbUOGEpTLqJU3TE6XQ2/o+mpqby8nKOa0jJnOo4ZI/e9SzHtqMvGiQo2WKx1NbW3rp1C39bXV2dk5PDCniqc8UNSA1CtwV7AL/Bn4LUP/SQzioXHGmZmZmFhYXKflaqPmoREY4mnP8xiFakRBaoeMGqFcH5m0KWo8CQWfA4vx/FS3Gw8nNoNgXrcHBsxRomEitsw7IkNTmgkiVeDTVO+AprjEMOVh3e6mo6+DYJx0Hqr/jVcTRlTrzuWZZtyd49KBokXr4lNTX1xIkTijSXy8VK+0g6V5cB1agvOHA/JjDR8X6MJEnKky0xMTG4jgJC6Ouvv962bVtra+vQ0NDIyMjIyAhfzvbt22tqao4cOfvQLeoAAAmRSURBVKLs6e7uHhoaSkxMxJvz58/HsRUZGblq1arU1NRly5bFxMSkpKQ88cQTHE0ElY+Li1MOKSkpqampmT59+rFjx5KTk3ft2oX7wt9ev369p6cnISEBb46MjAQH0y0mYoTY2FjNno6ODpbCfMX0whmIJEnqOrKIbSvEGKYkSVOmTFHaR0REhISE4M2YmBi8+MNRgDRLf39/X19fcnKyZj8rTjgKayAHq2AwGGbOnKlI7uzsZAkhYSlG7dG7nkV6nNvd3Y0QUg/TW5IRQhaL5eTJkytXrjx58mRmZuYDDzxAehYxnKvLgHovOIB/8cI7mBaLZePGjYcPHzYYDHa7PSMjg9N4cHCwqqrqs88+KyoqysnJUa5NLD799NNz587hFKdbtmx57LHHtm7dOnqdMWTFC4vF0tjYqKxpKLUilFMrKIi+uihiBHJxrLGx0TPF9CI+ED66fC2oAGmWixcvIoTuu+8+DzQMcLzuWeQ9545Sck5ODh7FyZMncYFw0rPXrl3DH0bjXI+DEPALo51jrl275nA4/vSnP+FN9R1LKkFBQVVVVb/4xS8+/vjjN9544+DBgwghs9k8efLkH374Af+QaWtrU346IYQWLVq0aNEihFBmZmZWVhZnjjEajYODg7du3cK/au12O18Zo9EYHBz83XffzZ07FyH09NNPb9iw4cMPP2xpacENZsyYERoaqlwURmkE8mXgqVOnDg4O9vf347nWbrebzWYRxfQiOBA+en0tqABplilTphiNxvPnzy9YsEC9nx8no8Tlcv3444/4N357e/usWbOQcESJK+Z1zyI9zsXRpR6mohV1mLrCZu7cuWaz+Ysvvqivr8ePR1Lffqc6V9yAowlCwD/wl9KoS8OyWJULjjRZltva2gwGQ3NzM96klrWgFhHhP4tFrfrAOcRtxQtWrQi3hUw05ShYZGRk5OfnOxwOrLDStXgpDvXoOKU4BOtw8M1LDlM8q7yuqhtlZWWLFy9ubm622+242CLeT8YJXwG1BTiDxSsz6mo6paWluA2rjogmAESq42C87lmWbam96y0apKt8C35eDlf64UB1rrgBWRcckRJBwNjjhTlGvIaHZuemTZsef/xx/Jn65CK1iAj/mkKt+sB/NJNf8YJTK8JtIRNNVQwq3d3deXl5RqMxJiamuLh4aGhIUDGWa1ilOATrcPDNSw5TfI7RVXVjeHh427ZtJpPJYDBYLBa3zy6zFFBbgD/HSJJUXl6ueXZZ5tYRUQeASHUcxQ7e9SzLttTe9RYN0lW+Bf9xcfvoMNW54gZklflRbKJ+5hvwO77KV9bR0ZGUlKQ8ywgAQKDh9WTbAwMDJpPJ4XCwHqwYG+DiE1B4594gFS+ulQMAEPicOnUqPT3dvxMMBi4+gYOv5hhJkqxWq4+EAwAQaPT39x86dCg3N9ffisDFJ7Dw1Rwzbdq0OXPm+Ei4ZzzzzDPbt2/3txYAcG+i3MrytyKBePGZyPhwrQzDyZre0dEh/rd6lCn9//Wvf7W2tu7YsUPZI5hf/ejRo6wM8B7nEr8HkpB7vcICMPbEx8d78WbM7du3//a3v0EST0CDz+cYbxEfHz+aZ+G7u7uPHTumPgHWrl1bWlqK3+HasGGDpn1vb++BAwfq6+vz8/NZXd+4caOsrMwDZTw+EAAAYHwxbuYYNLo07CtXrsQvciqI51cfZdcAAAATFvdzzO3bt1988cXw8PD4+Pg333zz7t27a9aseeedd5QGaWlpR48eRQidPXs2LS0tJCQkKipq9erVV65cIaVduXJlxYoV4eHhDz300LFjx5T9AwMDL730UlRU1MyZM9966627d+9qDlQWZ1gtz549u2TJkvDw8NjY2JUrV37zzTcs/fH+wsLCzMzMV155paSkRK0JQqi3tzchIcHpdE6aNEm9Vqamv79f3YbVET52165dUVFRM2bM+OijjzQHfvDBBytWrFDEbt++feXKleHh4e++++706dMjIyOff/75n376iT8WQcepXRAWFjZnzpz33nsPL1dqxqhexhRxK8v4AABMcNzPMWRy79zcXOWxjatXr9psNovFgsTy2+PU4q2trZ9//rn6ys7K7E2iqwoAVX+8XzC/OitPuMf51TUHkknRf/vb3zqdzoaGBjLPvK70+KzGerO7i7iVZXwAACY6bt/SJJN7Dw4ORkRE4AzhFRUV2dnZ5FFKzm1NCnRqanFWZm81WI6uKgAs/WU9+dVlbrIDD/KrkwdqkqLjLFJknnlWFzIjPT61sQfZ3dVQ3coxPgAAExw3OTGpyb1DQkIyMzOtVuurr75aVVWFc6wigZzbrNTinMzepARdVQBYycn9mF+dRJMUffLkydQ887rS47Ma683ujgTcyjI+AACAmzmGldw7Nzf30KFD+fn5DQ0NVVVV+Cv/5twmqwAcPHiQqn+g5Vcnk6Lr7YJMot7c3OytfO8ibqUa37PuAAC4p3D7T0eSJLIiocvlMhqN+/fvz8nJwXu6u7uDg4OVBjabjVyE0SzUWK1Wb62VabDZbHFxcSz9sRrq/KwFBQUIIXVldQ/WyqiGEskNKstyUlLS6dOncbZmTU1Gq9WqrJVRu5AZa2XUxiwX3Lx5MygoSF1NEu8XcasGtfEBAJjguJ9jWCnZ8/LyIiIijh8/rrSk5tzW5CRnpRanZvZWo1zUxKsAcPQXz6+u/uyt/OpkEnJ1UnROnnld6fFZjfVmd3frVo7xAQCY4LifY1gp2a1WqyRJSgp0mZ1zW52THKcWlyRp3rx56tTi1MzeapSLtXgVAI7+4vnVNZ+9kl9dc6D886To+JDdu3eTeeZ1pcdnNdab3d2tWznGBwBgguOr3P5e597O161Oij6WI/V6dncAAAA14+k9/3uYwEmKDgAA4EXGxxxz586durq6uLg4fyviEwInKToAAIB3GR9zTEFBQVFR0b2aRzJwkqIDAAB4l3FzPwYAAAAYd4yP/zEAAADAeATmGAAAAMBXwBwDAAAA+AqYYwAAAABfAXMMAAAA4CtgjgEAAAB8BcwxAAAAgK+AOQYAAADwFTDHAAAAAL4C5hgAAADAV8AcAwAAAPgKmGMAAAAAXwFzDAAAAOArYI4BAAAAfAXMMQAAAICvgDkGAAAA8BUwxwAAAAC+AuYYAAAAwFfAHAMAAAD4CphjAAAAAF8BcwwAAADgK2COAQAAAHwFzDEAAACAr4A5BgAAAPAVMMcAAAAAvgLmGAAAAMBXwBwDAAAA+AqYYwAAAABfAXMMAAAA4Cv+H2N+XcbNM0lNAAAAAElFTkSuQmCC) --- **Mirror:** [Click here to view the mirror](<http://1222215.openbounty.org/mirror/>) ### Coordinated Disclosure Timeline Vulnerability Reported:| 11 July, 2020 23:22 GMT ---|--- Vulnerability Verified:| 13 July, 2020 09:16 GMT Website Operator Notified:| 13 July, 2020 09:16 GMT a. Using the ISO 29147 guidelines| ![](/images/done.png) ---|--- b. Using publicly available security contacts| ![](/images/done.png) c. Using Open Bug Bounty notification framework| ![](/images/done.png) d. Using security contacts provided by the researcher| ![](/images/done.png) Public Report Published [without any technical details]:| 13 July, 2020 09:16 GMT Vulnerability Fixed:| 14 July, 2020 02:21 GMT ---|---