RXSS on https://travel.state.gov/content/travel/en/search.html

Disclosed: 2023-03-08 01:59:30 By tmz900 To us-department-of-state
Medium
Vulnerability Details
## Summary:
Hello team,
I found RXSS via the `segFilter` parameter on URL: `https://travel.state.gov/content/travel/en/search.html/?search_input=hello&data-sia=false&data-con=false&search_btn=&segFilter=x%27%29%3bconfirm%28%271`

Open the URL, you will see an alert box pop up:
{F2096019}

## Impact
- Steal session cookies to account takeovers
- Execute JS code
Report Stats
  • Report ID: 1818628
  • State: Closed
  • Substate: resolved
  • Upvotes: 28
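
The reported value, percent-decoded, is `x');confirm('1`: it closes a single-quoted JavaScript string and the enclosing call, which suggests `segFilter` was reflected into inline script. The following is an added example, not part of the report or the site's code; the template and `applyFilter` are hypothetical. It runs the vulnerable and the escaped rendering against stub functions to show that string-context escaping keeps the value as data.

```javascript
// Added example. The template and applyFilter() are hypothetical: the report
// does not show the page source, only that the payload executed.

// Payload taken from the report's URL, percent-decoded: x');confirm('1
const REPORTED = decodeURIComponent("x%27%29%3bconfirm%28%271");

// Vulnerable pattern: request value concatenated into a single-quoted JS string.
function renderVulnerable(segFilter) {
  return "applyFilter('" + segFilter + "');";
}

// Encode for a JavaScript string context: every UTF-16 code unit that is not an
// ASCII letter or digit becomes \uXXXX, so quotes, parentheses, semicolons,
// backslashes, line terminators and "</script>" cannot end the literal.
function jsStringEscape(value) {
  const s = String(value);
  let out = "";
  for (let i = 0; i < s.length; i++) {
    const ch = s[i];
    out += /[A-Za-z0-9]/.test(ch)
      ? ch
      : "\\u" + s.charCodeAt(i).toString(16).padStart(4, "0");
  }
  return out;
}

// Same template, with the value escaped for the context it lands in.
function renderHardened(segFilter) {
  return "applyFilter('" + jsStringEscape(segFilter) + "');";
}

// Run generated script text against stubs and record which functions it calls.
function observe(scriptText) {
  const calls = { applyFilter: [], confirm: [] };
  const run = new Function("applyFilter", "confirm", scriptText);
  run((v) => calls.applyFilter.push(v), (v) => calls.confirm.push(v));
  return calls;
}

const before = observe(renderVulnerable(REPORTED));
const after = observe(renderHardened(REPORTED));
console.log("confirm() calls, vulnerable:", before.confirm.length);
console.log("confirm() calls, hardened:", after.confirm.length);
console.log("value seen by applyFilter, hardened:", after.applyFilter[0]);
```

Escaping must match the sink: this encoder is for a JavaScript string literal only, and a value placed in HTML text or an attribute needs HTML encoding instead.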