a stored xss in slack integration https://onerror.slack.com/services/import
Unknown
Vulnerability Details
location of the stored xss bug :
https://hunter22.slack.com/admin/name
in team name :put this payload :"><img src=x onerror=prompt(document.domain)>
stored xss executed here:
https://hunter22.slack.com/services/import
Actions
View on HackerOneReport Stats
- Report ID: 33018
- State: Closed
- Substate: resolved
- Upvotes: 4