XSS in L.mapbox.shareControl in mapbox.js

Disclosed: 2016-05-03 22:37:49 By enderun07 To mapbox
Unknown
Vulnerability Details
Hi Mapbox, I've found an XSS vulnerability on the Mapbox sharing system. I have a project called "'><img src=a onerror=confirm(2)>"><script>alert(1);</script><iframe onload=alert(97)>"><svg onload=alert(2);>"onmouseover="confirm(2);<input onfocus=prompt(1) autofocus>"--> </script><svg/onload=';alert(/XSSPOSED/);'>". Click it, copy the share URL and go to that URL, then click the marked area and you will see the vulnerability.
Report Stats
  • Report ID: 99245
  • State: Closed
  • Substate: resolved
  • Upvotes: 3
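
The class of bug reported above, shown as an added example that is not part of the original report and is not mapbox.js source: a share popup that concatenates a user-controlled project name into markup, next to a version that escapes it for both text and quoted-attribute contexts. The function names, the markup and the example.com URL are assumptions made for illustration.

```javascript
// Added example: hypothetical share-popup builder, NOT mapbox.js source.
// Constructed sample: a shortened form of the project name from the report.
const projectName =
  `"'><img src=a onerror=confirm(2)>"><svg onload=alert(2);>"onmouseover="confirm(2);`;

// Vulnerable pattern: the name is concatenated straight into markup,
// once as element text and once inside a quoted attribute.
function buildSharePopupUnsafe(name, url) {
  return '<h3>Share ' + name + '</h3>' +
         '<a class="share-link" title="' + name + '" href="' + url + '">Link</a>';
}

// Escape the characters that are significant in text and quoted attributes.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow only http(s) share URLs so the href cannot carry a script scheme.
function safeUrl(url) {
  try {
    const parsed = new URL(url);
    const ok = parsed.protocol === 'https:' || parsed.protocol === 'http:';
    return ok ? parsed.href : '#';
  } catch (e) {
    return '#';
  }
}

// Hardened pattern: every interpolated value is escaped for its context.
function buildSharePopupSafe(name, url) {
  const n = escapeHtml(name);
  return '<h3>Share ' + n + '</h3>' +
         '<a class="share-link" title="' + n + '" href="' +
         escapeHtml(safeUrl(url)) + '">Link</a>';
}

// Crude check for this example only: count tag openings in generated markup.
function countTags(html) {
  return (html.match(/<[a-zA-Z\/]/g) || []).length;
}
```

Where the popup is built with DOM APIs instead of strings, assigning the name through textContent and setAttribute avoids the HTML parser for that value altogether.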