Stored XSS in snapmatic comments
Medium
Rockstar Games
Team Summary
Official summary from Rockstar Games
In this report, the researcher found that we were not filtering < and > characters the same as < and >. This allowed the researcher to craft XSS POCs that bypassed our filters, particularly on UGC comments. We have updated our filters to amend this oversight.
Reported by
alexbirsan
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$1000.00
Submitted
Weakness
Cross-site Scripting (XSS) - Stored