XSS at https://app.goodhire.com/member/GH.aspx
Medium
I
Inflection
Submitted None
Team Summary
Official summary from Inflection
Unescaped input from a URL parameter in the checkout flow was being used as a JavaScript variable for determining what cart contents to render. By manipulating the URL parameter, the researcher was able to execute arbitrary JavaScript on the page.
Actions:
Reported by
exception
Report Details
Additional information and metadata
State
Closed
Substate
Resolved