Singapore - Unrestricted File Upload Leads to XSS on campaign.starbucks.com.sg/api/upload
Medium
Starbucks
Team Summary
Official summary from Starbucks
ko2sec discovered it was possible to upload arbitrary content on https://campaign.starbucks.com.sg/api/upload, leading to a stored XSS. This site was decommissioned. @ko2sec — thank you for reporting this vulnerability and for confirming the resolution.
Reported by: ko2sec
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Cross-site Scripting (XSS) - Stored