ads.twitter.com xss

Disclosed: 2014-11-17 14:30:51 By arbitrarycode To x
Unknown
Vulnerability Details
A Cross-Site Scripting vulnerability exists in the card[name] parameter when creating/cloning a card via the script https://ads.twitter.com/accounts/18ce53wrkma/cards/new?card_type=7. Here is a simple test vector: </title><script>alert(document.cookie)</script><title> After the card is created, the XSS becomes persistent and can be triggered via https://ads.twitter.com/accounts/18ce53wrkma/cards/show?url_id=42qj.
Report Stats
  • Report ID: 27511
  • State: Closed
  • Substate: resolved
  • Upvotes: 2
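
The report describes a stored value that closes the page's <title> element and continues as markup. The following is an added example, not part of the original report and not Twitter's code: it shows the unencoded rendering beside an output-encoded one, with a regression check that treats <title> content as text up to the first closing tag. All function names and the page template are hypothetical.

```javascript
// Added example; renderShowPageUnsafe, renderShowPageSafe, escapeHtml,
// titleText and scriptOutsideTitle are hypothetical names.

// Constructed sample: the test vector quoted in the report, as it would be
// stored in the card[name] field.
const storedCardName = '</title><script>alert(document.cookie)</script><title>';

// HTML-encode the characters that can end a text or attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Before": the stored name is concatenated into the page verbatim.
function renderShowPageUnsafe(cardName) {
  return `<html><head><title>${cardName}</title></head><body></body></html>`;
}

// "After": the name is encoded at output time, on every page that shows it,
// so cards stored before the fix are covered as well.
function renderShowPageSafe(cardName) {
  return `<html><head><title>${escapeHtml(cardName)}</title></head><body></body></html>`;
}

// An HTML parser treats <title> content as text up to the first </title>.
// Return that text, or null when the page has no title element.
function titleText(html) {
  const m = /<title>([\s\S]*?)<\/title>/i.exec(html);
  return m ? m[1] : null;
}

// Regression check: does any <script> start tag appear after the title closes?
// The template itself contains no script, so a hit means the stored value
// escaped its text context.
function scriptOutsideTitle(html) {
  const m = /<title>[\s\S]*?<\/title>/i.exec(html);
  const rest = m ? html.slice(m.index + m[0].length) : html;
  return /<script\b/i.test(rest);
}

console.log('unsafe:', scriptOutsideTitle(renderShowPageUnsafe(storedCardName)));
console.log('safe:  ', scriptOutsideTitle(renderShowPageSafe(storedCardName)));
```

Encoding at render time, not only when the card is created or cloned, is what neutralizes values that were already stored.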