Reflected XSS on card.starbucks.com.sg/unsub.php via the 'ct' Parameter
Medium
S
Starbucks
Submitted None
Team Summary
Official summary from Starbucks
gnux discovered a reflected XSS in https://card.starbucks.com.sg/unsub.php due to an unsanitized user-input via the ct parameter. @gnux— thank you for reporting this vulnerability and confirming the resolution.
Actions:
Reported by
gnux
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Reflected