DOM Based XSS in Discourse Search
High
Vulnerability Details
### Steps to Reproduce:
1. Load http://try.discourse.org
2. Now, from the top right corner, click on the Search button
3. Enter the payload there
### Payload:
@<script>prompt(1337)</script>gmail.com
4. Now, in the new window that opens, click on Advanced Search and the XSS will occur :)
5. Now copy the link and send it to the victim; there the XSS will occur too
Thanks
Khizer Javed
Report Stats
- Report ID: 191890
- State: Closed
- Substate: resolved
- Upvotes: 29