XSS Reflected on my_report
Low
S
Semrush
Submitted None
Actions:
Reported by
r0hack
Vulnerability Details
Technical details and impact analysis
Еще раз привет. На этот раз, кроме HTML-инъекции проходит полноценный XSS в дашбоарде пользователя.
Payload: https://www.semrush.com/my_reports/api/v1/document%22%3E%3Cimg%20src=x%20onerror=alert(document.cookie)%3E/4007861
PoC: На скрине
## Impact
Кража сессионных куков.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Reflected