Reflected XSS due to vulnerable version of sockjs

Disclosed: 2022-04-29 17:38:24 By chip_sec To automattic
Medium
Vulnerability Details
## Summary:
There is reflected XSS on *.simperium.com. The bug exists due to a vulnerable version of sockjs library.

## Platform(s) Affected:
simperium.com
js.simperium.com

## Steps To Reproduce:
1. Visit https://simperium.com/sock/1/0/0/0/htmlfile?c=alert('XSS')//
2. You will see an alert message because of executed JS

## Impact
XSS may be used by an attacker to perform a lot of things, for example, to steal user session
Report Stats
  • Report ID: 1100326
  • State: Closed
  • Substate: resolved
  • Upvotes: 11
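
The bug class in the report above, as an added example that is not part of the report and is not sockjs's own code: an htmlfile-style endpoint that writes the `c` query parameter into an inline script, shown unchecked and then with an allowlist on the callback name. The page template, function names, the 400 status and the placeholder base URL are assumptions made for illustration.

```javascript
// Added illustration, not sockjs source. Function names and the page template
// are assumptions modelled on an htmlfile-style iframe transport.

// Allowlist: letters, digits, underscore, dot, hyphen. Nothing that can end
// the expression or open a call or comment inside the inline script.
const CALLBACK_RE = /^[a-zA-Z0-9_.-]+$/;

// The callback name lands in JavaScript context, so HTML-escaping alone would
// not help: the value must be constrained before it is ever written out.
function htmlfilePage(callback) {
  return '<!doctype html><html><body><script>\n' +
         'var c = parent.' + callback + ';\n' +
         'c.start();\n' +
         '</script></body></html>';
}

function callbackParam(requestUrl) {
  // Base URL is a placeholder so that relative request paths parse.
  return new URL(requestUrl, 'https://placeholder.invalid').searchParams.get('c');
}

// Before: the `c` query parameter is concatenated into the script unchecked.
function renderUnchecked(requestUrl) {
  return { status: 200, body: htmlfilePage(callbackParam(requestUrl)) };
}

// After: reject any callback that is not a plain dotted identifier.
function renderValidated(requestUrl) {
  const c = callbackParam(requestUrl);
  if (c === null || !CALLBACK_RE.test(c)) {
    return { status: 400, body: 'invalid "callback" parameter' };
  }
  return { status: 200, body: htmlfilePage(c) };
}

// Request path taken from the report; the second is a constructed benign value.
const reported = "/sock/1/0/0/0/htmlfile?c=alert('XSS')//";
const benign = '/sock/1/0/0/0/htmlfile?c=_jp.a1';

console.log('unchecked reflects input:',
  renderUnchecked(reported).body.includes("parent.alert('XSS')//"));
console.log('validated, reported path:', renderValidated(reported).status);
console.log('validated, benign path:', renderValidated(benign).status);
```
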