https://polldaddy.com storage.swf XSS
Unknown
Vulnerability Details
Hi,
I found a Flash-based XSS located here:
`https://polldaddy.com/swf/storage.swf?onload=alert(1)`
It happens in the `ExternalInterface.Call` function; when a parameter is inserted unfiltered it will allow XSS. You can patch it by only allowing:
A-Z a-z 0-9
Best regards,
Olivier Beg
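
The allowlist fix suggested in the report, sketched in ActionScript 3 as an added example; it is not code from the report or from Polldaddy. The class name `StorageBridge` and both method names are hypothetical, and the sketch assumes the SWF reads `onload` from its URL parameters and passes it to `ExternalInterface.call` as the function name.

```actionscript
package {
    import flash.display.Sprite;
    import flash.external.ExternalInterface;

    // Hypothetical document class; the real storage.swf source is not shown in the report.
    public class StorageBridge extends Sprite {
        // Allowlist from the report: A-Z, a-z, 0-9 only.
        private static const SAFE_NAME:RegExp = /^[A-Za-z0-9]+$/;

        public function StorageBridge() {
            // Query-string parameters and FlashVars (e.g. ?onload=...) arrive
            // here and are controlled by whoever builds the URL.
            var onload:String = loaderInfo.parameters["onload"];
            notifyLoaded(onload);
        }

        // Vulnerable pattern, kept only for comparison and never called:
        // the raw parameter becomes the function name, which the player
        // evaluates as JavaScript in the embedding page.
        private function notifyLoadedUnsafe(callback:String):void {
            ExternalInterface.call(callback);
        }

        // Hardened: call out only when the name passes the allowlist.
        private function notifyLoaded(callback:String):void {
            if (callback == null || !SAFE_NAME.test(callback)) {
                return; // rejects parentheses, dots, quotes, whitespace, etc.
            }
            if (ExternalInterface.available) {
                ExternalInterface.call(callback);
            }
        }
    }
}
```

With this check in place, the value from the report's URL (`alert(1)`) is rejected because it contains parentheses, while a plain callback name such as `onStorageReady` (a constructed example) is still called.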
Report Stats
- Report ID: 9522
- State: Closed
- Substate: resolved
- Upvotes: 2