Reflected XSS in owncloud.com

Disclosed: 2016-04-01 10:23:16 By sergeym To owncloud

Unknown

Vulnerability Details

xss does work only for inetrnet explorer, for all versions how to reproduce? : 1. to use internet explorer browser(i have test with ie11) 2. go to page https://owncloud.com/wp-123.php?action[][]=</form></div></script><script/%00%00v%00%00>document.location.href=location.hash.slice(1)</script>#javascript:alert(document.domain) 3. will be alert box with name of domain please look at my poc video in attachment

Actions

View on HackerOne

Report Stats

Report ID: 127259
State: Closed
Substate: resolved
Upvotes: 3

Reflected XSS in owncloud.com

Vulnerability Details

Actions

Report Stats

Share this report