Reflected XSS at https://█████████ via "███" parameter

Medium
U.S. Dept Of Defense
Submitted None
Reported by pelegn

Vulnerability Details

Technical details and impact analysis

Cross-site Scripting (XSS) - Reflected
**Description:**
There is a reflected cross-site scripting issue at the following URL: https://█████████

## Proof Of Concept

https://███████?████████=%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E

█████

Best Regards
@pelegn

## Impact

- Cookies Exfiltration
- SOAP Bypass
- CORS Bypass
- Executing JavaScript on the victim's behalf

## System Host(s)

████████

## Affected Product(s) and Version(s)

## CVE Numbers

## Steps to Reproduce

Navigate to https://█████?████████=%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E

## Suggested Mitigation/Remediation Actions

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Cross-site Scripting (XSS) - Reflected
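
The report's proof-of-concept value begins with `%22%3E` (`">`), which suggests the parameter is echoed inside a double-quoted HTML attribute. The following is an added example, not part of the original report and not the affected application's code: it contrasts raw concatenation with attribute-context encoding for that same value. The `<input>` template, the field name `q` and all function names are hypothetical.

```javascript
// Added example (constructed): the template and names below are assumptions,
// not taken from the affected site.

// Query-string value exactly as it appears in the report's proof of concept.
const POC_QUERY_VALUE = '%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E';

// Vulnerable pattern: the decoded parameter is concatenated into the attribute.
function renderUnsafe(value) {
  return '<input type="text" name="q" value="' + value + '">';
}

// Encode every character that can end an attribute value or start markup.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtmlAttr(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened pattern: same template, value encoded at the point of output.
function renderSafe(value) {
  return '<input type="text" name="q" value="' + escapeHtmlAttr(value) + '">';
}

// Minimal scanner used only to verify the result: counts tags that begin
// outside of quoted attribute values. One tag means the value stayed inert.
function countTags(html) {
  let tags = 0, inTag = false, quote = null;
  for (const ch of html) {
    if (quote) {
      if (ch === quote) quote = null;          // closing quote of an attribute
    } else if (inTag) {
      if (ch === '"' || ch === "'") quote = ch; // opening quote of an attribute
      else if (ch === '>') inTag = false;       // end of the current tag
    } else if (ch === '<') {
      inTag = true;                             // a new tag starts in text context
      tags++;
    }
  }
  return tags;
}

const decoded = decodeURIComponent(POC_QUERY_VALUE);
console.log('unsafe tags:', countTags(renderUnsafe(decoded)));
console.log('safe tags:  ', countTags(renderSafe(decoded)));
console.log(renderSafe(decoded));
```

Encoding at the output point is the fix for the reflection itself; a Content-Security-Policy that disallows inline event handlers and `HttpOnly` session cookies reduce the impact if an encoding gap is missed elsewhere.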