Cross Site Scripting Vulnerability - Developer portal

hashim
Participant I

There's a vulnerability in the developer portal (that allows developers to create apps for the API).

The vulnerable fields are the Name and Description that it asks you for when you create an app. Putting the XSS payload in there will generate results. For example, an attacker could even access a user's cookies.

This will result in this:

8524-screenshot-6.png

8525-screenshot-5.png

If a fix could be rolled out for all input boxes where they prevent Cross Site Scripting, that'd be super!

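The fix requested in the post above, sketched as an added example that is not part of the original post and not the portal's own code: the stored Name and Description are encoded at the point of output, and a small regression check reports any field that still comes back unencoded. The renderer functions, the field names `name` and `description`, the markup and the probe string are all assumptions made for illustration.

```javascript
// Added example (hypothetical names and markup; not the portal's code).
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that matter in HTML body and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: stored app fields are concatenated into the markup as-is.
function renderAppCardUnsafe(app) {
  return `<div class="app" title="${app.name}"><h3>${app.name}</h3><p>${app.description}</p></div>`;
}

// After: every stored field is encoded where it is written into the page.
function renderAppCard(app) {
  const name = escapeHtml(app.name);
  const description = escapeHtml(app.description);
  return `<div class="app" title="${name}"><h3>${name}</h3><p>${description}</p></div>`;
}

// Constructed, harmless probe: a quote plus inert markup with a unique marker.
const PROBE = `"><i id="probe-7f3a">x</i>`;
const FIELDS = ["name", "description"];

// Regression check: put the probe in one field at a time and list the fields
// whose rendered output still contains it verbatim (i.e. unencoded).
function findUnencodedFields(renderFn, fieldNames) {
  const leaking = [];
  for (const field of fieldNames) {
    const app = Object.fromEntries(fieldNames.map((f) => [f, "plain text"]));
    app[field] = PROBE;
    if (renderFn(app).includes(PROBE)) leaking.push(field);
  }
  return leaking;
}

console.log("unsafe renderer leaks:", findUnencodedFields(renderAppCardUnsafe, FIELDS));
console.log("hardened renderer leaks:", findUnencodedFields(renderAppCard, FIELDS));
```

Extending `FIELDS` to every user-editable field and running the check in CI catches a renderer that skips encoding for a newly added input box.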