Stored XSS in

Our team leader found a stored XSS in When submitting a new ad, it was possible to add an XSS payload in the data[person] field. The ad was approved, and the payload was not reflected in the output of this field; it was sanitized there. But when we tried to edit the ad, the payload fired, so the input had not been sanitized when it was added to the database; only that one output had been encoded. Then we checked the "other ads from this person" page, and guess what? The stored XSS payload fired there as well, reflected on the page twice. This is dangerous because it runs automatically when the victim visits the page. The issue has since been fixed, the report on HackerOne has been publicly disclosed, and it was also referenced in the press.
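The pattern described above, one stored field rendered safely on the ad page but raw on the edit form and on the "other ads" list, can be caught with a simple per-view audit. The following is an added illustration, not code from the original post or from the affected site; the ad record, the view functions and the `audit_views` helper are all constructed for this example, and the stored value is a harmless marker rather than a working payload.

```python
import html

# Constructed sample record: a stored ad whose "person" field holds markup.
# The value is inert text; what matters is whether each view encodes it.
SAMPLE_AD = {"id": 1, "title": "Bike for sale",
             "person": '<b>seller</b> "x" onfocus=y'}
# Constructed list of the same seller's other ads (one entry is enough).
OTHERS = [{"id": 2, "title": "Helmet"}]

def view_ad(ad):
    """Public ad page: the field is encoded here, so stored markup is inert."""
    return "<h1>{}</h1><p>Seller: {}</p>".format(
        html.escape(ad["title"]), html.escape(ad["person"]))

def edit_ad_unsafe(ad):
    """Edit form that trusts the database: raw value inside an attribute."""
    return '<input name="data[person]" value="{}">'.format(ad["person"])

def edit_ad_safe(ad):
    """Same form with attribute-context encoding (quotes escaped too)."""
    return '<input name="data[person]" value="{}">'.format(
        html.escape(ad["person"], quote=True))

def other_ads_unsafe(ad):
    """'Other ads from this person': name emitted raw in heading and rows."""
    rows = "".join("<li>{} by {}</li>".format(o["title"], ad["person"])
                   for o in OTHERS)
    return "<h2>More from {}</h2><ul>{}</ul>".format(ad["person"], rows)

def other_ads_safe(ad):
    """Same list with every stored string encoded once, at output time."""
    person = html.escape(ad["person"])
    rows = "".join("<li>{} by {}</li>".format(html.escape(o["title"]), person)
                   for o in OTHERS)
    return "<h2>More from {}</h2><ul>{}</ul>".format(person, rows)

# Every template that can emit the stored field, keyed by name.
VIEWS = {"view_ad": view_ad, "edit_ad_unsafe": edit_ad_unsafe,
         "edit_ad_safe": edit_ad_safe, "other_ads_unsafe": other_ads_unsafe,
         "other_ads_safe": other_ads_safe}

def audit_views(ad, views=VIEWS):
    """Map each leaking view to how many times it emits the field verbatim.
    Encoded output never contains the raw '<' or '"' of the stored value,
    so a verbatim match means that view skipped output encoding."""
    counts = {name: render(ad).count(ad["person"]) for name, render in views.items()}
    return {name: n for name, n in counts.items() if n}

if __name__ == "__main__":
    print(audit_views(SAMPLE_AD))  # {'edit_ad_unsafe': 1, 'other_ads_unsafe': 2}
```

The audit reproduces the report's shape: the public view is clean, the edit form leaks once, and the "other ads" list leaks twice, which is why sanitizing one output path is not a fix for data that is stored raw.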
