Possibility to overwrite any file in the vpe.cdn.vimeo.tv leads to the Stored XSS for the all customers on the embed.vhx.tv

Disclosed: 2019-07-10 19:12:30 By sp1d3rs To vimeo

High

Vulnerability Details

No vulnerability description provided or it is restricted.

Actions

View on HackerOne

Report Stats

Report ID: 452559
State: Closed
Substate: resolved
Upvotes: 72

Share this report