
insaf.com.pe Cross Site Scripting vulnerability OBB-1234980

Description

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Affected Website: | **[insaf.com.pe](<http://www.insaf.com.pe>)** |
|---|---|
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **KhanJanny** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |

**Screenshot:** ![insaf.com.pe vulnerability](/twimages/screen-1234980.jpg)

**Mirror:** [Click here to view the mirror](<http://1234980.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Vulnerability Reported: | 22 July, 2020 15:25 GMT |
|---|---|
| Vulnerability Verified: | 22 July, 2020 15:35 GMT |
| Website Operator Notified: | 22 July, 2020 15:35 GMT |
| a. Using the ISO 29147 guidelines | Done |
| b. Using publicly available security contacts | Done |
| c. Using Open Bug Bounty notification framework | Done |
| d. Using security contacts provided by the researcher | Done |
| Public Report Published [without any technical details]: | 22 July, 2020 15:35 GMT |
| Vulnerability Fixed: | 26 August, 2020 14:34 GMT |