Reflected XSS on business-blog.zomato.com - Part I
Z
Zomato
Submitted None
Actions:
Reported by
dsopas
Vulnerability Details
Technical details and impact analysis
Hi guys,
I would like to report a reflected XSS on business-blog.zomato.com.
1. Open Chrome and Firefox (latest versions)
2. Open https://business-blog.zomato.com/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alert`1`
3. Payload is executed
Check the attached screenshot.
Solution:
- Update Wordpress to 4.5.2
- Update flashmediaelement.swf to 2.21.1
Feel free to contact me if you need further assistance.
Best,
-David Sopas
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Generic