Stored XSS in comments
Unknown
Vulnerability Details
Hi, I have found an XSS vulnerability in commenting on articles.
Steps to reproduce:
1. Go to an article on your website, for example: https://testingthatweb.zendesk.com/hc/en-us/articles/204094081
2. Type this in the comment box: `[Click here](javascript:alert(1))`
3. After the comment is posted, you'll see your comment. Press on the link `Click Here` and you got your XSS.
Thanks. Please tell me if you are having any problems reproducing this bug.
M.
Report Stats
- Report ID: 82725
- State: Closed
- Substate: resolved
- Upvotes: 3
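
One way to close the class of bug reported above is to allowlist link schemes when Markdown comments are rendered. The following is an added example, not part of the original report and not Zendesk's code; the function names, the allowed schemes and the placeholder base origin are assumptions.

```javascript
// Added example: scheme allowlist for Markdown links in user comments.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]); // assumed policy
const BASE = "https://help.example.invalid/"; // placeholder origin for relative links

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

// Parse the href the way a browser would: the WHATWG URL parser lowercases the
// scheme and strips leading whitespace and embedded tabs/newlines, so variants
// such as "JaVaScRiPt:" or "java\tscript:" normalise before the comparison.
function isSafeHref(href) {
  try {
    return ALLOWED_SCHEMES.has(new URL(href, BASE).protocol);
  } catch {
    return false; // unparseable input is treated as unsafe
  }
}

// Matches [label](url), allowing one level of nested parentheses in the URL,
// which the payload in the report relies on.
const LINK = /\[([^\]]+)\]\(((?:[^()\s]|\([^()]*\))*)\)/g;

function renderComment(text) {
  let out = "";
  let last = 0;
  for (const m of text.matchAll(LINK)) {
    const [whole, label, href] = m;
    out += escapeHtml(text.slice(last, m.index));
    out += isSafeHref(href)
      ? `<a href="${escapeHtml(href)}" rel="nofollow noopener">${escapeHtml(label)}</a>`
      : escapeHtml(whole); // disallowed scheme: emit the raw Markdown as inert text
    last = m.index + whole.length;
  }
  return out + escapeHtml(text.slice(last));
}

// Constructed sample comments (the first is the string from the report).
const samples = [
  "[Click here](javascript:alert(1))",
  "[Docs](https://example.com/a_(b))",
  "<b>hi</b> [x](JaVaScRiPt:alert(1))",
];
for (const s of samples) console.log(renderComment(s));
```

Checking the parsed scheme rather than string-matching the raw href is what keeps the case and whitespace variants from slipping through.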