cross site scripting reflected

Disclosed: 2024-09-09 14:38:09 By alitoni224 To mtn_group
Medium
Vulnerability Details
## Summary: [cross site scripting reflected] ## Steps To Reproduce: [at first hello [Found that via the script site payload is reflected '-alert(1)-' It was tested on Chrome and Firefox browsers as shown in the pictures below ] 1. [Simply open the link https://mtn-investor.com/mtn-cmd/index.php ] 1. [In the search button, enter the payload '-alert(1)-' ] 1. [You will notice the reflection] ## Supporting Material/References: [list any additional material (e.g. screenshots, logs, etc.)] * [https://owasp.org/www-community/attacks/xss/] ## Impact As in any vulnerability via scripted sites. The top line is that an attacker might steal cookies to abuse users' session. - phishing scam - Some important input data stolen
Actions
View on HackerOne
Report Stats
  • Report ID: 1496897
  • State: Closed
  • Substate: resolved
  • Upvotes: 73
Share this report