DOM-Based XSS in tumblr.com

Severity: Medium
Program: Automattic
Submitted: (not recorded)
Reported by keer0k

Vulnerability Details

Technical details and impact analysis

Cross-site Scripting (XSS) - DOM
# Description

Hi, I would like to report a DOM-based XSS that is exactly like this one: #882546. This one works only because the page /reblog/ID/OTHER_ID doesn't have a correct CSP rule.

# Steps to reproduce

1. Go to `https://www.tumblr.com/reblog/620008931446652928/JBuEvzz5`
2. Click on `click me`
3. Click on open
4. XSS will be triggered

## Impact

It is possible to perform malicious actions on the victim's account.

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Cross-site Scripting (XSS) - DOM