Cross-site Scripting https://www.zendesk.com/product/pricing/

Disclosed: 2015-12-09 02:06:13 By mdv To zendesk

Unknown

Vulnerability Details

Hello. https://www.zendesk.com/product/pricing/#?cvo_sid1=%22/alert%28%221%22%29/%22 This XSS can be done on most pages of this site. Vulnerable param is cvo_sid1. For the XSS i used "/alert("1")/" Tested in Mozilla Firefox

Actions

View on HackerOne

Report Stats

Report ID: 89624
State: Closed
Substate: resolved
Upvotes: 3

Cross-site Scripting https://www.zendesk.com/product/pricing/

Vulnerability Details

Actions

Report Stats

Share this report