Reflected XSS at /category/ on an Atavist theme
Medium
Automattic
Reported by
bugra
Vulnerability Details
Technical details and impact analysis
## Summary:
Hi team,
This report is similar to #947790.
You fixed the XSS on search, but I found another XSS at `/category/xsspayload`.
For a PoC you can check these URLs:
https://magazine.atavist.com/category/%22%3E%3Csvg%20onload%3Dalert%60XSS%60%3E
https://docs.atavist.com/category/%22%3E%3Csvg%20onload%3Dalert%60XSS%60%3E
You can encode the `"`, `'`, `<` and `>` characters with HTML encoding in this endpoint.
## Impact
Reflected XSS - cookie stealing
Thanks,
Bugra
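The fix the report asks for, HTML-encoding the reflected `/category/` path segment, shown as an added example that is not part of the original report and not Automattic's code. The template, function names and server-side language are assumptions, since the report does not show the theme's markup; the sample path is the payload from the PoC URLs above.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed request path: the percent-encoded payload from the report's PoC URLs.
SAMPLE_PATH = "/category/%22%3E%3Csvg%20onload%3Dalert%60XSS%60%3E"

# Hypothetical template: the value lands in an attribute and in element text.
TEMPLATE = '<h1 title="{name}">Category: {name}</h1>'


def category_from_path(path: str) -> str:
    """Return the percent-decoded segment after /category/, as the server sees it."""
    segment = urlsplit(path).path.split("/category/", 1)[1]
    return unquote(segment)


def render_unsafe(path: str) -> str:
    """Reflect the decoded segment verbatim: the behaviour the report describes."""
    return TEMPLATE.format(name=category_from_path(path))


def render_safe(path: str) -> str:
    """HTML-encode & < > " ' before the value reaches the markup."""
    return TEMPLATE.format(name=html.escape(category_from_path(path), quote=True))


class _TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in the rendered page."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(rendered: str) -> list[str]:
    """Start tags present in the output; anything beyond h1 came from the URL."""
    collector = _TagCollector()
    collector.feed(rendered)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    print("unsafe:", tags_in(render_unsafe(SAMPLE_PATH)))
    print("safe:  ", tags_in(render_safe(SAMPLE_PATH)))
```

Comparing the parsed tag list against the template's own tags also works as a regression test for any other endpoint that reflects a path segment.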
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Cross-site Scripting (XSS) - Reflected