Cross-site Scripting (XSS) in /updates-pro/archive/
Critical
Vulnerability Details
Hey guys.
The dir parameter on /updates-pro/archive/ seems to be vulnerable to Cross-site Scripting.
Steps to reproduce:
1- Navigate to: https://www.mapsmarker.com/updates-pro/archive/?dir=v3.0.1
2- Add this to the url: <svG onLoad=prompt(9)>
3- Result in attached printsceen.
Or quite simple visit:
https://www.mapsmarker.com/updates-pro/archive/?dir=v3.0.1%3CsvG%20onLoad=prompt(1)%3E
Actions
View on HackerOneReport Stats
- Report ID: 235866
- State: Closed
- Substate: resolved
- Upvotes: 5