Cross Site Scripting at https://app.oberlo.com/
Medium
Vulnerability Details
1- create an account from **https://app.oberlo.com/**
2- path to https://app.oberlo.com/settings/account/profile
3- inject javascript code or xss payload at **Name** form
4- it will be printed at page and executed
payload that i used it **"><img src=x onerror=alert(document.domain)>**
## Impact
This vulnerability can be used by attacker to serve malicious JavaScript against any user.
Actions
View on HackerOneReport Stats
- Report ID: 542258
- State: Closed
- Substate: resolved
- Upvotes: 16