XSS vulnerability in http://ubermovement.com/community/daniel
Vulnerability Details
Hey,
there's an XSS vulnerability affecting http://ubermovement.com/community/daniel that may lead to phishing attacks and CSRF attacks.
Steps to reproduce:
1. Visit http://ubermovement.com/community/daniel?citySource=javascript:alert(%27XSSED%27);//
2. Click on "Back to community"
3. See the XSS alert.
See the attached screenshot.
Wonder if this would be eligible for a bug bounty?
Cheers,
Mario.
Report Stats
- Report ID: 142946
- State: Closed
- Substate: resolved
- Upvotes: 14
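
Added example, not part of the original report and not Uber's code: the reproduction steps suggest the citySource value becomes the target of the "Back to community" link (an assumption), so one mitigation is to accept only same-origin http(s) targets before the value reaches an href. The names safeBackLink and backLinkFor and the /community fallback are hypothetical.

```javascript
// Hypothetical hardening sketch for a link target taken from a query parameter.
// Assumption: the page copies ?citySource=... into the "Back to community" href.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Returns a same-origin path that is safe to place in an href, or the fallback.
function safeBackLink(rawValue, pageOrigin, fallback = "/community") {
  if (typeof rawValue !== "string" || rawValue === "") return fallback;
  let url;
  try {
    // The WHATWG URL parser normalises case, leading spaces and embedded
    // tabs/newlines the same way a browser does before it follows the link,
    // so "JaVa\tScRiPt:" is seen here as "javascript:".
    url = new URL(rawValue, pageOrigin);
  } catch {
    return fallback;
  }
  // Reject javascript:, data:, vbscript: and every other non-web scheme.
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return fallback;
  // Reject off-site targets such as //other.example/ (open-redirect phishing).
  if (url.origin !== new URL(pageOrigin).origin) return fallback;
  // Emit a relative reference so the scheme can never be attacker-chosen.
  return url.pathname + url.search + url.hash;
}

// Reads citySource from a full page URL and returns the href to render.
function backLinkFor(pageUrl) {
  const page = new URL(pageUrl);
  return safeBackLink(page.searchParams.get("citySource"), page.origin);
}

// Constructed sample inputs; the first is the URL from the report.
const samples = [
  "http://ubermovement.com/community/daniel?citySource=javascript:alert(%27XSSED%27);//",
  "http://ubermovement.com/community/daniel?citySource=%20JaVa%09ScRiPt:alert(1)",
  "http://ubermovement.com/community/daniel?citySource=//other.example/login",
  "http://ubermovement.com/community/daniel?citySource=/community/sf%3Fsort%3Dnew",
  "http://ubermovement.com/community/daniel",
];
for (const s of samples) console.log(backLinkFor(s), "<=", s);
```

The returned path still has to be HTML-attribute-escaped by the template that renders the link.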