DOM-Based XSS in tumblr.com

Disclosed: 2021-02-02 21:38:45 By keer0k To automattic
Medium
Vulnerability Details
# Description

Hi, I would like to report a DOM-based XSS that is exactly like #882546; this one works only because the page `/reblog/ID/OTHER_ID` doesn't have a correct CSP rule.

# Steps to reproduce

1. Go to `https://www.tumblr.com/reblog/620008931446652928/JBuEvzz5`
2. Click on `click me`
3. Click on open
4. XSS will be triggered

## Impact

It is possible to perform malicious actions on the victim's account.
Report Stats
  • Report ID: 949382
  • State: Closed
  • Substate: resolved
  • Upvotes: 56