Reflected Cross-site Scripting Vulnerability via JSON Error Message
Low
I
Inflection
Submitted None
Team Summary
Official summary from Inflection
Researcher uncovered a vulnerability where invalid JSON input was reflected back in the server error response. A specially-crafted invalid JSON request could then be used to trigger a reflected XSS on any page where the server error response was rendered in HTML.
Actions:
Reported by
cosmopolitan_fi
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Reflected