Self-XSS on partners.uber.com
Vulnerability Details
Hi,
I found a reflected XSS vulnerability in the password reset page https://partners.uber.com/reset-password.
I have tested this vulnerability in the latest Chrome and Firefox browsers.
Reproduction Steps:
1- Go to https://login.uber.com/forgot-password and reset the password. Then click the password reset link in your mailbox.
2- Paste "><img src=x onerror=prompt(document.domain)> as your new password and submit.
3- Wait and see the XSS payload fire.
Also, I added screenshots.
Thanks,
Report Stats
- Report ID: 138622
- State: Closed
- Substate: informative
- Upvotes: 1
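
Added example, not part of the original report and not Uber's code: a constructed form renderer showing why the input from step 2 ends a quoted attribute when it is reflected unencoded, next to two fixes (attribute encoding, or not echoing the password back at all). The report does not say where the value is reflected; the `value` attribute context and the names renderUnsafe, renderSafe, renderNoEcho, escapeAttr and countTags are assumptions.

```javascript
// Constructed example: server-side rendering of a password reset form.
// All function names are hypothetical; none come from the report.

// The value submitted in step 2 of the report.
const REPORTED_INPUT = '"><img src=x onerror=prompt(document.domain)>';

// Vulnerable pattern (assumed): the submitted value is concatenated
// straight into a double-quoted attribute.
function renderUnsafe(value) {
  return '<input type="password" name="password" value="' + value + '">';
}

// Encode every character that can close a quoted attribute or open a tag.
function escapeAttr(value) {
  const map = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#39;', '`': '&#96;',
  };
  return String(value).replace(/[&<>"'`]/g, (c) => map[c]);
}

// Fix 1: contextual output encoding for the attribute.
function renderSafe(value) {
  return '<input type="password" name="password" value="' + escapeAttr(value) + '">';
}

// Fix 2 (preferred for password fields): never send the value back.
function renderNoEcho() {
  return '<input type="password" name="password" value="">';
}

// Minimal check: count tag openings in the markup. The form contains one
// <input>; any additional tag means the value escaped its attribute.
function countTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

function report() {
  return {
    unsafe: countTags(renderUnsafe(REPORTED_INPUT)), // input + injected img
    safe: countTags(renderSafe(REPORTED_INPUT)),     // input only
    noEcho: countTags(renderNoEcho()),               // input only
  };
}

console.log(report());
```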