Stored XSS in name selection
Unknown
Vulnerability Details
You have a stored XSS vuln when you set your name in your account information.
to reproduce just set your name field to:
</script><script>alert('xss')</script>
and most pages on your account you will show XSS.
Actions
View on HackerOneReport Stats
- Report ID: 102755
- State: Closed
- Substate: resolved
- Upvotes: 6