Possibility to overwrite any file on vpe.cdn.vimeo.tv leads to Stored XSS for all customers on embed.vhx.tv
High
Vimeo
Team Summary
Official summary from Vimeo
By modifying the Content-Type to be blank during a PUT command, the researcher was able to upload files to the CDN. This has been resolved.
Reported by: sp1d3rs
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Improper Access Control - Generic