Unrestricted File Upload Results in Cross-Site Scripting Attacks
Medium
Uber
Team Summary
Official summary from Uber
It was found that an attacker can upload any type of file, including HTML files, when adding a menu during the onboarding process after signing up at https://www.ubereats.com/restaurant/en-CA/signup.
Reported by: hunt4p1zza
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Cross-site Scripting (XSS) - Stored