Vimeo Search - XSS Vulnerability [http://vimeo.com/search]

Disclosed: 2015-01-23 20:36:52 By shamrocksu88 To vimeo
Unknown
Vulnerability Details
I found an XSS vulnerability in Vimeo Search. Keeping it short so that it does not end up a duplicate.

Payload: `"onmouseover=alert(1)>`

Live Demo: http://vimeo.com/search?q=%22onmouseover%3Dalert%281%29%3E

Search @ http://vimeo.com/search with the above payload. The culprit here is the Couch Mode feature. After searching, hover over the broken Couch Mode link; the alert should be triggered. POC attached. Special characters are not encoded, so we are able to break out of the tag, triggering XSS.
Report Stats
  • Report ID: 44798
  • State: Closed
  • Substate: resolved
  • Upvotes: 2