Stored XSS in wis.pr
W
Whisper
Submitted None
Actions:
Reported by
huntingforbugs
Vulnerability Details
Technical details and impact analysis
Hi,
I detected a Stored XSS in wis.pr. These are the steps to reproduce the bug:
1. Create a new group named: Test>"<script>alert('test');</script>
2. Copy the sharing URL (http://wis.pr/*****).
3. Open this URL in a browser.
Please find the attached screenshots.
Fix: Sanitize the output in twitter:description meta. Please find attached the screenshot named "fix.jpg".
Don't hesitate to contact me if you need further details.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$100.00
Submitted
Weakness
Cross-site Scripting (XSS) - Generic