hey, what's up security friends, RomuloSec in the house!
website: www.sinonimos.com.br
vulnerability: html injection
proof of concept:
1 . go to website
2 . in 'buscar sinônimos...' put your html code
3 . press enter and ready, your code has been run.
example: https://www.sinonimos.com.br/busca.php?q=<p>RomuloSECurity<%2Fp>
The end!