Korea - Reflected XSS on https://www.istarbucks.co.kr/app/getGiftStock.do via "skuNo" and "skuImgUrl" parameters
Medium
S
Starbucks
Submitted None
Team Summary
Official summary from Starbucks
rexvuz discovered the endpoint at https://www.istarbucks.co.kr/app/getGiftStock.do was susceptible to a reflected cross-site scripting vulnerability via the skuNo and skuImgUrl parameters. @rexvuz — thank you for reporting this vulnerability and for confirming the resolution.
Actions:
Reported by
rexvuz
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Reflected