Stored XSS in Templates>Enahance>Social Badges
Unknown
Vulnerability Details
Hi, just like the report #237927, I found stored XSS in Templates>Enhance> Social Badges section.
1. Go to templates section and click on one of your templates.
2. Enhance> Social Badges.
3. Enter the payload: javascript:alert(1) in any of the social networking button url.
4. You'll see that the xss is being triggered.
Note: The similar social sections in Call to Action button are not accepting this payload, so but this is not fixed in Social Badges section.
Thanks.
Actions
View on HackerOneReport Stats
- Report ID: 238906
- State: Closed
- Substate: resolved
- Upvotes: 7