Stored XSS in wis.pr
Vulnerability Details
Hi,
I detected a Stored XSS in wis.pr. These are the steps to reproduce the bug:
1. Create a new group named: Test>"<script>alert('test');</script>
2. Copy the sharing URL (http://wis.pr/*****).
3. Open this URL in a browser.
Please find the attached screenshots.
Fix: Sanitize the output in twitter:description meta. Please find attached the screenshot named "fix.jpg".
Don't hesitate to contact me if you need further details.
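
The fix suggested in the report, sketched as an added example (not code from the report or from wis.pr). The meta tag template and all function names are assumptions, since the page does not show the site's markup. The check escapes the group name for a quoted attribute, then re-parses the output to confirm the name comes back as data.

```python
import html
from html.parser import HTMLParser

# Group name from step 1 of the report, used here as test data.
GROUP_NAME = "Test>\"<script>alert('test');</script>"

# Assumed template: the page does not show wis.pr's real markup.
META_TEMPLATE = '<meta name="twitter:description" content="{}">'


def render_meta_raw(group_name):
    # Unescaped interpolation: the '"' in the name closes the attribute
    # early, so everything after it is parsed as markup instead of data.
    return META_TEMPLATE.format(group_name)


def render_meta_escaped(group_name):
    # quote=True also encodes " and ', which is what keeps the value
    # inside a quoted attribute; escaping only < and > is not enough.
    return META_TEMPLATE.format(html.escape(group_name, quote=True))


class MetaAudit(HTMLParser):
    """Collects start tags and the decoded twitter:description value."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.description = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        attr_map = dict(attrs)
        if tag == "meta" and attr_map.get("name") == "twitter:description":
            self.description = attr_map.get("content")


def audit(markup):
    parser = MetaAudit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.description


def stays_data(render, group_name):
    # True only if the page parses to one <meta> tag whose content
    # decodes back to exactly the stored group name.
    tags, description = audit(render(group_name))
    return tags == ["meta"] and description == group_name
```

The same round-trip check works as a regression test for any template that places user-supplied names into attributes.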
Report Stats
- Report ID: 149571
- State: Closed
- Substate: resolved
- Upvotes: 7