Self xss
Low
Vulnerability Details
Hello,
I found self xss your main domain.
I m sending details and I attached poc video.
Pls open
https://nextcloud.com/about/
Use burp suite and active intercept.
Refresh this url.
And pls add this payload your url.
></title>"><script>alert(205)</script>'"><marquee><h1>nextcloud.com</h1></marquee>
Pls click intercept off and page refreshing.
Now you see xss alert.
## Impact
https://github.com/dxa4481/XSSJacking
Exploit and Impact kit for self xss
Regards.
Actions
View on HackerOneReport Stats
- Report ID: 388527
- State: Closed
- Substate: resolved
- Upvotes: 11