Reflected XSS and sensitive data exposure, including payment details, on lioncityrentals.com.sg
High
Uber
Team Summary
Official summary from Uber
lioncityrentals.com.sg employed a WordPress installation that possessed a vulnerable plugin, Formidable Forms, which was vulnerable to reflected XSS and exposed sensitive form data. Thanks again for the report, @healdb!
Reported by: healdb
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $4000.00
Submitted
Weakness: Cleartext Transmission of Sensitive Information