
mardukferreteria.com Cross Site Scripting vulnerability OBB-1269876

Description

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website | **[mardukferreteria.com](<http://mardukferreteria.com>)** |
| Vulnerable Application | Custom Code |
| Vulnerability Type | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)>)** / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by | **xav0** |
| Remediation Guide | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Vulnerable URL | (provided only as an image on the original page) |

**Mirror:** [Click here to view the mirror](<http://1269876.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Event | Date |
|---|---|
| Vulnerability Reported | 22 August, 2020 15:32 GMT |
| Vulnerability Verified | 22 August, 2020 15:47 GMT |
| Website Operator Notified | 22 August, 2020 15:47 GMT |
| Public Report Published [without any technical details] | 22 August, 2020 15:47 GMT |
| Vulnerability Fixed | 18 September, 2020 16:40 GMT |

The website operator was notified through each of the following channels (all marked as done):

a. Using the ISO 29147 guidelines
b. Using publicly available security contacts
c. Using Open Bug Bounty notification framework
d. Using security contacts provided by the researcher