Stored XSS with CRLF injection via post message to user feed
Medium
R
Rockstar Games
Submitted None
Team Summary
Official summary from Rockstar Games
In this report, the researcher was able to demonstrate a Stored XSS vulnerability in User Feeds. This vulnerability leveraged CRLF injection in order to bypass existing filters and execute the payload. With their help we were able to improve our filtering and sanitization rules in order to prevent this and similar attacks.
Actions:
Reported by
fa1rlight
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Stored