Flash XSS on swfupload.swf showing at app.mavenlink.com
Vulnerability Details
Hello Security, I would like to report an XSS that affects all users. This Flash XSS can be very dangerous.
Vulnerable URL:
https://app.mavenlink.com/flash/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert(document.domain);//
I attach an image of proof:
If you have any problem reproducing this bug, please let me know.
PS: This works with all browsers.
Regards.
Report Stats
- Report ID: 21150
- State: Closed
- Substate: resolved
- Upvotes: 2
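
A defender-side check for requests like the one in the report, added here as an example (it is not part of the original report, nor code from Mavenlink or SWFUpload): it scans access-log lines for .swf requests whose movieName parameter contains anything outside a plain identifier, and generalizes from swfupload.swf to any .swf path. The allowlist, the function names and the sample log lines are assumptions constructed for illustration.

```javascript
// Characters a legitimate movieName value needs (assumed allowlist).
const SAFE_MOVIE_NAME = /^[A-Za-z0-9_.-]*$/;

// Constructed sample access-log lines (addresses, timestamps, sizes are made up).
const SAMPLE_LOG = [
  '203.0.113.7 - - [01/Jan/2015:10:00:00 +0000] "GET /flash/swfupload.swf?movieName=SWFUpload_0 HTTP/1.1" 200 12345',
  '203.0.113.9 - - [01/Jan/2015:10:00:05 +0000] "GET /flash/swfupload.swf?movieName=%22%5D);%7Dcatch(e)%7B%7Dif(!self.a)self.a=!alert(document.domain);// HTTP/1.1" 200 12345',
  '203.0.113.9 - - [01/Jan/2015:10:00:09 +0000] "GET /flash/swfupload.swf?movieName=%ZZ HTTP/1.1" 200 12345',
  '203.0.113.7 - - [01/Jan/2015:10:00:12 +0000] "GET /index.html?movieName=%22 HTTP/1.1" 200 512',
];

// Percent-decode one URL component; null means the encoding is malformed.
function decode(s) {
  try { return decodeURIComponent(s); } catch (e) { return null; }
}

// Classify the movieName parameter of one request target.
// Returns null when the request is not a .swf load or the value is clean.
function checkTarget(target) {
  const q = target.indexOf('?');
  if (q < 0) return null;
  const path = decode(target.slice(0, q));
  if (path === null || !/\.swf$/i.test(path)) return null;
  for (const pair of target.slice(q + 1).split('&')) {
    const eq = pair.indexOf('=');
    // Decode the key too, so an encoded spelling of movieName is still matched.
    if (decode(eq < 0 ? pair : pair.slice(0, eq)) !== 'movieName') continue;
    const value = eq < 0 ? '' : decode(pair.slice(eq + 1));
    if (value === null) return 'malformed encoding';
    if (!SAFE_MOVIE_NAME.test(value)) return 'disallowed characters';
  }
  return null;
}

// Scan log lines and return one finding per suspicious request.
function scanLog(lines) {
  const findings = [];
  lines.forEach((line, i) => {
    const m = /"[A-Z]+ (\S+) HTTP\/[\d.]+"/.exec(line);
    const reason = m ? checkTarget(m[1]) : null;
    if (reason) findings.push({ line: i + 1, reason });
  });
  return findings;
}

console.log(scanLog(SAMPLE_LOG));
```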