Stored Cross Site Scripting [SELF] in partners.uber.com
Unknown
Vulnerability Details
Hey Uber Team,
Although you are excluding self stored XSS, I am reporting this one because it could be exploited by someone with more skills than I have :-) :
1. Log in to your profile and change the address to: “#><img src=x onerror=prompt(1);>
2. Go to https://partners.uber.com/fuel_cards/enroll
3. The JS will pop up
Best,
Patrik
Report Stats
- Report ID: 125503
- State: Closed
- Substate: informative
- Upvotes: 6
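The behaviour in the report is consistent with a stored profile field being written into an HTML attribute without output encoding. The following is an added example, not code from the report or from Uber: it renders the reported address value through an unencoded template and an encoded one. The `<input>` template, the attribute context and all function names are assumptions, and the typographic quote shown in step 1 is written as a straight quote.

```javascript
// Added illustration; the template and function names are hypothetical.
// The page does not show the markup of the enroll page.

// Address value from step 1 of the report (straight quote assumed).
const storedAddress = '"#><img src=x onerror=prompt(1);>';

// Vulnerable pattern: the stored value is concatenated into an attribute as-is,
// so the leading quote closes the attribute and ">" closes the tag.
function renderUnsafe(address) {
  return '<input type="text" name="address" value="' + address + '">';
}

// Encode every character that can end an attribute value or open a tag.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: encode at the point of output, on every page that
// renders the stored value, not only on the page where it was entered.
function renderSafe(address) {
  return '<input type="text" name="address" value="' + escapeHtml(address) + '">';
}

// Simple check used to compare the two outputs: is a raw <img> tag present?
function containsInjectedTag(html) {
  return /<img\b/i.test(html);
}

console.log(renderUnsafe(storedAddress));
console.log(renderSafe(storedAddress));
```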