cross site scripting reflected
Medium
M
MTN Group
Submitted None
Actions:
Reported by
alitoni224
Vulnerability Details
Technical details and impact analysis
## Summary:
[cross site scripting reflected]
## Steps To Reproduce:
[at first hello
[Found that via the script site payload is reflected '-alert(1)-' It was tested on Chrome and Firefox browsers as shown in the pictures below ]
1. [Simply open the link https://mtn-investor.com/mtn-cmd/index.php ]
1. [In the search button, enter the payload '-alert(1)-' ]
1. [You will notice the reflection]
## Supporting Material/References:
[list any additional material (e.g. screenshots, logs, etc.)]
* [https://owasp.org/www-community/attacks/xss/]
## Impact
As in any vulnerability via scripted sites. The top line is that an attacker might steal cookies to abuse users' session.
- phishing scam
- Some important input data stolen
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Reflected