Stored XSS on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action
High
Lab45
Reported by
meryem0x
Vulnerability Details
Technical details and impact analysis
## Summary:
Hi :) Adding a javascript URL causes stored XSS when creating a bookmark.
## Steps To Reproduce:
Go to https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action . Write `blocked:alert(document.domain)` in the URL input and fill in the other fields. After creating it, go to `https://apps.topcoder.com/wiki/display/tcwiki/<TITLE>` and when you click the title on this page, the XSS will execute.
PoC:
https://apps.topcoder.com/wiki/display/tcwiki/powerpuff_hackerone_test
{F816754}
## Impact
XSS can be used to steal cookies or to run arbitrary code in the victim's browser.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Stored
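
The usual fix for a stored XSS through a bookmark URL field is a scheme allowlist applied before the value is stored and again when it is rendered into a link. The sketch below is an added example, not code from the report or from the plugin; `safeBookmarkUrl`, `renderBookmark` and the sample inputs in the comments are hypothetical and constructed for illustration.

```javascript
// Added example (not the plugin's code): validate a user-supplied bookmark URL.
// Only these schemes may ever reach an href attribute.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Returns the normalized absolute URL if its scheme is allowlisted, else null.
function safeBookmarkUrl(input) {
  if (typeof input !== "string") return null;
  let parsed;
  try {
    // The WHATWG URL parser applies the same normalization a browser applies
    // to an href (trims leading whitespace and control characters, drops tabs
    // and newlines, lowercases the scheme), so the check sees what the
    // browser will see rather than the raw string.
    parsed = new URL(input);
  } catch {
    return null; // relative or unparseable input is rejected outright
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return null;
  // Store and emit the parsed form, never the raw input.
  return parsed.href;
}

// Escape a string for use in HTML text or a quoted attribute value.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Render the bookmark title as a link only when the URL passed validation;
// otherwise fall back to inert text so a stored bad value cannot execute.
function renderBookmark(title, url) {
  const safe = safeBookmarkUrl(url);
  const text = escapeHtml(title);
  if (safe === null) return `<span>${text}</span>`;
  return `<a href="${escapeHtml(safe)}" rel="noopener noreferrer">${text}</a>`;
}

// Constructed inputs:
//   safeBookmarkUrl("HTTP://Example.com")                 -> "http://example.com/"
//   safeBookmarkUrl("javascript:alert(document.domain)")  -> null
//   safeBookmarkUrl(" \tJaVaScRiPt:alert(1)")             -> null
```

Validating at render time as well as at submission matters here because values stored before the fix would otherwise still be emitted as clickable links.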