Persistent Cross-site scripting vulnerability settings.
Unknown
Vulnerability Details
Hello,
I created an account with as group name `"><img src=x onerror=alert(4)>`, after that I went to settings and found a Cross-site scripting vulnerability located at that page.
The url for me : https://app.respond.ly/6sjp/settings/account
I have a proof of concept in the attachment.
best regards
Olivier Beg
Actions
View on HackerOneReport Stats
- Report ID: 7898
- State: Closed
- Substate: resolved
- Upvotes: 1