[chatws25.stream.highwebmedia.com] - Reflected XSS in c parameter

Disclosed: 2018-09-26 12:15:35 By kazan71p To chaturbate
Medium
Vulnerability Details
Hi Team,

Found that `chatws25.stream.highwebmedia.com` is vulnerable to reflected XSS in the `c` parameter. We can verify it with the following URL; it is also a Cloudflare filter bypass:

https://chatws25.stream.highwebmedia.com/ws/007/tgpraolp/htmlfile?c=███

```
https://chatws25.stream.highwebmedia.com/ws/007/tgpraolp/htmlfile?c=███████
```

{F350412}

## Impact

One of the most common XSS attack vectors is to hijack legitimate user accounts by stealing their session cookies.
Report Stats
  • Report ID: 413442
  • State: Closed
  • Substate: resolved
  • Upvotes: 13