
studiosistema.it Cross Site Scripting vulnerability OBB-1268538

### Description

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| | |
|---|---|
| Affected Website: | **[studiosistema.it](<http://studiosistema.it>)** |
| Open Bug Bounty Program: | **Create your bounty program now**. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score: | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard: | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by: | **geeknik** |
| Remediation Guide: | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Export Vulnerability Data: | Bugzilla Vulnerability Data, JIRA Vulnerability Data [ Configuration ], Mantis Vulnerability Data, Splunk Vulnerability Data, XML Vulnerability Data [ XSD ] |
| Vulnerable URL: | (rendered only as an image on the original page; not reproduced here) |

**Screenshot:** ![studiosistema.it vulnerability](/twimages/screen-1268538.jpg)

**Mirror:** [Click here to view the mirror](<http://1268538.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| | |
|---|---|
| Vulnerability Reported: | 21 August, 2020 12:24 GMT |
| Vulnerability Verified: | 21 August, 2020 12:31 GMT |
| Website Operator Notified: | 21 August, 2020 12:31 GMT |

Notification methods used:

| | |
|---|---|
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |

| | |
|---|---|
| Public Report Published [without any technical details]: | 21 August, 2020 12:31 GMT |
| Vulnerability Fixed: | 28 September, 2020 16:43 GMT |