Stored XSS against all Chaturbate users using an application name
Medium
C
Chaturbate
Submitted None
Team Summary
Official summary from Chaturbate
The hacker discovered that the tooltip on the app page did not protect against XSS attack in the application name. We quickly resolved this issue. The impact for a new attacker was limited as they would only appear under new apps.
Actions:
Reported by
nahamsec
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Stored