www.lahitapiola.fi DOM XSS by choosing regional company
Unknown
Vulnerability Details
Please check the screenshot first.
Browser: Chrome (latest) or Internet Explorer 11
Steps to reproduce:
- go to page `http://www.lahitapiola.fi/henkilo#"><img src=x onerror=alert(1)>`
- press the `Valitse alueyhtiösi` button
- input a zip, e.g. 111
Vulnerable JS code: https://www.lahitapiola.fi/cs/lahitapiola/js/scripts.js
Report Stats
- Report ID: 127077
- State: Closed
- Substate: resolved
- Upvotes: 1
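
Added example, not part of the original report and not the site's code: the report does not quote the vulnerable lines of scripts.js, so this assumes the pattern the payload implies, where the URL fragment is concatenated into a quoted HTML attribute when the regional-company result is rendered. The function names, the markup and the zip pattern are hypothetical.

```javascript
// Hypothetical reconstruction for illustration; none of these names come from scripts.js.

// Escape the characters that can end a quoted attribute value or open a tag.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the fragment (location.hash without '#') is pasted
// straight into an href, so a '"' in it closes the attribute early.
function renderRegionLinkUnsafe(fragment, zip) {
  return '<a href="/henkilo?zip=' + zip + '#' + fragment + '">Continue</a>';
}

// Hardened pattern: allow-list the zip (assumed digits only), encode the
// fragment for the URL context, then escape the whole href for the HTML
// attribute context. In a browser, building the element with
// createElement/setAttribute avoids the markup string altogether.
function renderRegionLinkSafe(fragment, zip) {
  if (!/^\d{1,5}$/.test(zip)) {
    throw new Error('invalid zip');
  }
  const href = '/henkilo?zip=' + zip + '#' + encodeURIComponent(fragment);
  return '<a href="' + escapeHtml(href) + '">Continue</a>';
}

// Count opening tags in a markup string; more than one means the input
// escaped the attribute and created an element of its own.
function countOpeningTags(html) {
  return (html.match(/<[a-z]/gi) || []).length;
}

// Fragment taken from the URL in the report's reproduction steps.
const reportedFragment = '"><img src=x onerror=alert(1)>';
console.log(countOpeningTags(renderRegionLinkUnsafe(reportedFragment, '111'))); // 2
console.log(countOpeningTags(renderRegionLinkSafe(reportedFragment, '111')));   // 1
```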