reflected xss in https://wordpress.com/start/account/user

Medium
Automattic
Reported by secureighty

Vulnerability Details

Technical details and impact analysis

Cross-site Scripting (XSS) - Reflected
## Summary:
xss after login at https://wordpress.com/start/account/user?variationName=free&redirect_to=blocked:alert(document.domain)

## Platform(s) Affected:
web

## Steps To Reproduce:
1. auth normally
2. go to https://wordpress.com/start/account/user?variationName=free&redirect_to=blocked:alert(document.domain) **while already authenticated** and click continue
3. xss procs

## Supporting Material/References:
█████

## Impact
XSS can be used to steal cookies, modify html content, and much more
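A guard for the `redirect_to` parameter described in the report above, as an added example that is not part of the original report and is not Automattic's code or fix. It assumes the "continue" step navigates to the `redirect_to` value (the report does not state the root cause); `safeRedirectTarget`, the host allow-list, the fallback URL and the sample inputs are hypothetical.

```javascript
// Added example: hypothetical guard, not WordPress.com or Automattic code.
// Assumption: the signup flow navigates to the redirect_to value on "continue".

// Constructed policy values for the illustration.
const POLICY = {
  base: 'https://wordpress.com/start/account/user', // page that received the parameter
  allowedHosts: ['wordpress.com'],                   // hosts a redirect may land on
  fallback: 'https://wordpress.com/',                // used whenever validation fails
};

// Returns an absolute https URL on an allowed host, or the fallback.
function safeRedirectTarget(raw, policy = POLICY) {
  if (typeof raw !== 'string' || raw === '') return policy.fallback;
  let url;
  try {
    // Parse the way a browser would: the WHATWG parser trims leading
    // whitespace, drops tabs/newlines and treats "\" as "/" for https,
    // so the checks below see the URL the browser would actually load.
    url = new URL(raw, policy.base);
  } catch {
    return policy.fallback;
  }
  // Allow-list the scheme instead of block-listing script-like schemes.
  if (url.protocol !== 'https:') return policy.fallback;
  // Reject userinfo tricks such as https://wordpress.com@other.example/.
  if (url.username !== '' || url.password !== '') return policy.fallback;
  if (!policy.allowedHosts.includes(url.hostname)) return policy.fallback;
  return url.href;
}

// Constructed sample inputs; the first is the value from the report.
const SAMPLES = [
  'blocked:alert(document.domain)',
  ' \tdata:text/html,constructed',
  '//other.example/x',
  '/\\other.example/x',
  'https://wordpress.com@other.example/',
  'http://wordpress.com/read',
  '/home',
  'https://wordpress.com/read',
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), '->', safeRedirectTarget(s));
}
```

Only the last two samples survive validation; every other input resolves to the fallback URL.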

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Weakness

Cross-site Scripting (XSS) - Reflected