Websites opened from reports can change URL of report page

Disclosed: 2017-02-25 11:57:56 By devil13 To security
Medium
Vulnerability Details
This issue is similar to #124889, but it is only exploitable via MS Edge or Internet Explorer 11.

Proof Of Concept: Clicking on a link set to "http://d214mfsab.org/same.html" (including this one) will change the still-open report page to http://example.com. This works on current versions of MS Edge and Internet Explorer 11.
Report Stats
  • Report ID: 189726
  • State: Closed
  • Substate: resolved
  • Upvotes: 50