DOM XSS on https://www.███████
Medium
Vulnerability Details
## Description
DOM XSS can be achieved due to missing sanitization when setting the source of an iframe.
## POC
1. Visit https://www.████frame.html#javascript:alert(document.domain)
2. View alert
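## Vulnerable Code
```javascript
function Load()
{
  // Attacker-controlled input: the fragment of the page URL (starts with '#')
  str=document.location.hash,idx=str.indexOf('#')
  // Strip the leading '#'
  if(idx>=0) str=str.substr(1);
  // Vulnerable: the value becomes the frame's URL with no scheme or origin
  // check, so a javascript: URL is accepted (see POC)
  if(str) PPTSld.location.replace(str);
}
```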
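A hardened counterpart to the `Load()` function above, added here as an example and not the site's actual fix: it parses the fragment with the URL API and only navigates the frame to same-origin http(s) targets. The same-origin policy, the helper name `safeFrameTarget`, and the `example.com` sample values are assumptions.

```javascript
// Added example, not the site's code.
// Assumption: the frame should only ever display same-origin pages.

// Returns an absolute URL that is safe to load in the frame, or null.
function safeFrameTarget(hash, baseHref) {
  var raw = hash.charAt(0) === '#' ? hash.slice(1) : hash;
  if (!raw) return null;
  var base, url;
  try {
    base = new URL(baseHref);
    // Parse instead of string-matching: the URL parser removes tabs and
    // newlines and resolves relative names, so the check below sees the
    // same scheme the browser would act on.
    url = new URL(raw, base);
  } catch (e) {
    return null; // unparseable input is never passed to the frame
  }
  // Scheme allowlist: rejects javascript:, data:, blob:, vbscript:, ...
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  // Same-origin only: rejects protocol-relative and absolute off-site URLs
  if (url.origin !== base.origin) return null;
  return url.href;
}

// Drop-in replacement for the vulnerable Load(); PPTSld is the frame
// referenced by the original code.
function Load() {
  var target = safeFrameTarget(document.location.hash, document.location.href);
  if (target) PPTSld.location.replace(target);
}

// Constructed sample inputs; example.com is a placeholder host.
var SAMPLE_BASE = 'https://www.example.com/ppt/frame.html';
function checkSamples() {
  return [
    '#slide0001.htm',                      // legitimate relative target
    '#javascript:alert(document.domain)',  // payload from the POC
    '#java\tscript:alert(1)',              // scheme split by a tab
    '#//other.example/x'                   // protocol-relative, off-site
  ].map(function (h) { return safeFrameTarget(h, SAMPLE_BASE); });
}
```

Only the first sample yields a URL; the other three return `null`, so `Load()` leaves the frame untouched.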
## Impact
An attacker could execute arbitrary JavaScript in another user's browser.
Report Stats
- Report ID: 922496
- State: Closed
- Substate: resolved
- Upvotes: 8