Self XSS in Timeline
Unknown
Vulnerability Details
Copy the url `javascript:` XSS payload to any Timeline, then click url will trigger XSS.
{F796167}
{F796161}
I previously reported a storefront url XSS at #841361, then admin copy the url to Timeline is possibly.
## Impact
Self XSS
Actions
View on HackerOneReport Stats
- Report ID: 854299
- State: Closed
- Substate: resolved
- Upvotes: 15