Stored XSS via Discussion Title and Send as Email attribute in [marketplace.informatica.com]

Disclosed: 2017-04-08 12:39:29 By fillawful To informatica
High
Vulnerability Details
POC
===

1. Under "Your Stuff" choose to "Create a Discussion/Ask a question"
2. Choose a space to submit your discussion/question. Any space will do.
3. Title your discussion with the payload `"><img src=x onerror=alert(1)>`
4. Choose "Post message" to publish.
5. View the message as any user. Under "Actions" choose to "Send as Email"
6. Observe XSS poc alert box

Please let me know if you have any questions.
Report Stats
  • Report ID: 203912
  • State: Closed
  • Substate: resolved
  • Upvotes: 9
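
The root cause the report points to, a stored discussion title written into an HTML attribute of the "Send as Email" view without output encoding, is shown here next to the encoded form. This is an added example, not code from the report or from Informatica; the `subject` input markup and all function names are assumptions made for illustration.

```javascript
// Added example: markup and function names are assumptions, not the site's code.
const PAYLOAD = '"><img src=x onerror=alert(1)>'; // title string quoted in the report

// Vulnerable pattern: the stored title is concatenated into a quoted attribute.
function renderSubjectUnsafe(title) {
  return `<input type="text" name="subject" value="${title}">`;
}

// Encode for a quoted HTML attribute context.
function escapeAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: same markup, title encoded at output time.
function renderSubjectSafe(title) {
  return `<input type="text" name="subject" value="${escapeAttr(title)}">`;
}

// Regression check: list the tag names a rendered fragment opens.
// Quoted attribute values are skipped, so '<' or '>' inside quotes is not a tag.
function openedTags(html) {
  const tags = [];
  let i = 0;
  while (i < html.length) {
    if (html[i] === '<' && /[a-zA-Z]/.test(html[i + 1] || '')) {
      const name = /^[a-zA-Z][a-zA-Z0-9]*/.exec(html.slice(i + 1))[0];
      tags.push(name.toLowerCase());
      i += 1 + name.length;
      let quote = null;
      while (i < html.length) {
        const c = html[i];
        if (quote) { if (c === quote) quote = null; }
        else if (c === '"' || c === "'") quote = c;
        else if (c === '>') break; // end of this tag
        i++;
      }
    }
    i++;
  }
  return tags;
}

console.log(openedTags(renderSubjectUnsafe(PAYLOAD))); // title escaped the attribute
console.log(openedTags(renderSubjectSafe(PAYLOAD)));   // title stayed inside the value
```

A check like `openedTags` fits a template regression test: any rendered field that opens more tags than the template defines means stored input reached the page unencoded.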