xss filter bypass [polldaddy]

Automattic
Reported by paresh_parmar

Vulnerability Details

Technical details and impact analysis

Cross-site Scripting (XSS) - Generic
Hi,

Previously reported XSS https://hackerone.com/reports/107405 which is fixed, but I am able to bypass that fix.

Payload for bypass: `<a href="javascript&colon;alert&lpar;document&period;domain&rpar;">Click Here</a>`

# Steps:

- Log in to Polldaddy account polldaddy.com
- Go to ___POLLS___ and create a new poll
- In answers, enter XSS payload `<a href="javascript&colon;alert&lpar;document&period;domain&rpar;">Click Here</a>` {F217173}
- Save it
- Go here, where you can edit style: https://polldaddy.com/polls/XXXXX/style-edit/ {F217170} Scroll down and click on it, XSS will trigger. {F217172}

Ref: https://hackerone.com/reports/107405

Thanks
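
The payload above spells `javascript:` with HTML named character references, so the value only becomes a `javascript:` URL after the browser decodes the attribute. As an added example (not from the report and not Automattic's code), the Python below contrasts a hypothetical literal-match filter with a scheme allowlist applied after decoding; the function names, the allowlist and the filter logic are assumptions.

```python
import html
import re

# Assumed policy for this example: only these schemes may appear in user links.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# href value taken from the payload in the report above.
REPORT_HREF = "javascript&colon;alert&lpar;document&period;domain&rpar;"

_SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.IGNORECASE)
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def naive_filter_allows(href: str) -> bool:
    """Hypothetical blocklist: rejects only the literal text 'javascript:'."""
    return "javascript:" not in href.lower()


def normalize_href(href: str) -> str:
    """Approximate the URL a browser derives from the raw attribute text."""
    decoded = html.unescape(href)            # &colon; &#58; &#x3a; all become ':'
    decoded = decoded.strip(_C0_AND_SPACE)   # URL parser trims these at both ends
    return re.sub(r"[\t\n\r]", "", decoded)  # and drops tab/LF/CR anywhere


def is_safe_href(href: str) -> bool:
    """Allowlist check performed on the decoded value, not the raw text."""
    match = _SCHEME_RE.match(normalize_href(href))
    if match is None:
        return True                          # no scheme: relative URL
    return match.group(1).lower() in ALLOWED_SCHEMES


def render_link(href: str, text: str) -> str:
    """Emit the anchor only if the href passes; re-escape everything on output."""
    if not is_safe_href(href):
        return html.escape(text)             # drop the link, keep the label
    safe = html.escape(normalize_href(href), quote=True)
    return f'<a href="{safe}">{html.escape(text)}</a>'


if __name__ == "__main__":
    print("naive filter allows:", naive_filter_allows(REPORT_HREF))
    print("decoded value:      ", normalize_href(REPORT_HREF))
    print("allowlist allows:   ", is_safe_href(REPORT_HREF))
    print("rendered:           ", render_link(REPORT_HREF, "Click Here"))
```

Checking the scheme against an allowlist after decoding means new encodings of a blocked scheme do not need to be enumerated one by one.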

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Cross-site Scripting (XSS) - Generic