Reflected XSS on business-blog.zomato.com - Part I

Disclosed: 2017-06-18 08:43:33 by dsopas to zomato
Vulnerability Details
Hi guys,

I would like to report a reflected XSS on business-blog.zomato.com.

1. Open Chrome and Firefox (latest versions)
2. Open https://business-blog.zomato.com/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alert`1`
3. Payload is executed

Check the attached screenshot.

Solution:
- Update WordPress to 4.5.2
- Update flashmediaelement.swf to 2.21.1

Feel free to contact me if you need further assistance.

Best,
-David Sopas
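The reproduction above is a single GET request, so the practical follow-up for anyone running the same WordPress version is to find out whether that request has already been made against their own site. The Python script below is an added example, not part of the original report nor code from Zomato or WordPress: it scans access-log lines for requests to flashmediaelement.swf that carry a jsinitfunction parameter. The report's payload spells the parameter name as jsinitfunctio%gn, with an invalid percent-escape inside it, presumably so that filters matching the literal name do not see it; the script assumes a lenient query parser would drop the malformed escape and normalizes parameter names the same way before comparing. The log lines are constructed, and the normalization rule and function names are assumptions made for this example.

```python
"""Scan web-server access logs for the flashmediaelement.swf jsinitfunction probe.

Flags requests to flashmediaelement.swf whose query string names the
jsinitfunction parameter, including obfuscated spellings such as
'jsinitfunctio%gn' that contain an invalid percent-escape.
"""
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in Apache/nginx combined format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Jun/2017:08:43:33 +0000] "GET /wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alert`1` HTTP/1.1" 200 31
203.0.113.7 - - [18/Jun/2017:08:44:01 +0000] "GET /wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunction=alert%281%29 HTTP/1.1" 200 31
198.51.100.4 - - [18/Jun/2017:08:45:10 +0000] "GET /wp-includes/js/mediaelement/flashmediaelement.swf?file=video.mp4 HTTP/1.1" 200 31
198.51.100.9 - - [18/Jun/2017:08:46:00 +0000] "GET /blog/?s=jsinitfunction HTTP/1.1" 200 1024
"""

# Extracts the request target from a combined-format log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# A '%' that is not followed by two hex digits is an invalid escape. Assumption
# for this example, modelled on the report's payload: a lenient parser drops the
# '%' together with the single character after it, so 'jsinitfunctio%gn'
# collapses to 'jsinitfunction'.
INVALID_PCT_RE = re.compile(r"%(?![0-9A-Fa-f]{2}).?")

TARGET_FILE = "flashmediaelement.swf"
SINK_PARAM = "jsinitfunction"


def normalize_param_name(name):
    """Strip invalid percent-escapes, decode the valid ones, lower-case."""
    return unquote(INVALID_PCT_RE.sub("", name)).lower()


def is_flash_xss_probe(target):
    """True if the request target hits the SWF with a jsinitfunction parameter."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(TARGET_FILE):
        return False
    for pair in parts.query.split("&"):
        if not pair:
            continue
        name = pair.split("=", 1)[0]
        if normalize_param_name(name) == SINK_PARAM:
            return True
    return False


def scan_log(text):
    """Return the request targets of every line that matches the probe pattern."""
    hits = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if match and is_flash_xss_probe(match.group("target")):
            hits.append(match.group("target"))
    return hits


if __name__ == "__main__":
    for target in scan_log(SAMPLE_LOG):
        print("flashmediaelement.swf probe:", target)
```

Only the two lines that hit the SWF with the sink parameter are reported; the plain `file=video.mp4` request and the search query containing the word `jsinitfunction` elsewhere in the URL are ignored. If the installed WordPress is older than 4.5.2, any hit is a reason to treat the request as an exploitation attempt rather than a scan.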
Report Stats
  • Report ID: 137905
  • State: Closed
  • Substate: resolved
  • Upvotes: 10