Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:
      a. verified the vulnerability and confirmed its existence;
      b. notified the website operator about its existence.
| Field | Value |
| --- | --- |
| Affected Website | sgpsistema.com |
| Open Bug Bounty Program | Create your bounty program now. It’s open and free. |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on ISO 29147 guidelines |
| Discovered and Reported by | haxmov |
| Remediation Guide | OWASP XSS Prevention Cheat Sheet |
| Export Vulnerability Data | Bugzilla, JIRA [Configuration], Mantis, Splunk, XML [XSD] |
Vulnerable URL: shown only as an image on the original page (not reproduced here).

Mirror: Click here to view the mirror
Coordinated Disclosure Timeline

| Event | Date |
| --- | --- |
| Vulnerability Reported | 12 July, 2020 21:38 GMT |
| Vulnerability Verified | 13 July, 2020 07:35 GMT |
| Website Operator Notified | 13 July, 2020 07:35 GMT |
| Public Report Published (without any technical details) | 13 July, 2020 07:35 GMT |
| Vulnerability Fixed | 14 July, 2020 02:11 GMT |

Website operator notification channels (all marked as done on the original page):

a. Using the ISO 29147 guidelines
b. Using publicly available security contacts
c. Using Open Bug Bounty notification framework
d. Using security contacts provided by the researcher