XSS vulnerability through a URL parameter
An attacker can send a user to a malicious URL that contains a parameter with some JavaScript that gets rendered and executed on the page as is.
A lot of effort has gone into encoding user input in the HTML context; however, on this occasion the developers missed a URL parameter that should be an integer and trusted it in the context of some JavaScript.
Creating an attack where the JS was valid was tricky on this occasion as it was dumped in the page twice in different situations. Luckily JS loves a function as input to most things so wrapping the attack in a function kept the JS valid and executable.
$('.js-input-amount').val(function(){alert}); var selectedAmount=function(){alert};
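The pattern described above next to a hardened form, as an added example that is not code from the affected site. The parameter name "amount", the host shop.example and all function names are assumptions; the rendered JavaScript line is the one shown above.

```javascript
// Vulnerable pattern: the URL parameter is assumed to be an integer and is
// pasted unchanged into two JavaScript contexts on the page.
function renderVulnerable(amount) {
  return "$('.js-input-amount').val(" + amount + "); var selectedAmount=" + amount + ";";
}

// Strict allow-list: only a plain decimal integer of bounded length passes.
// Anything else (missing value, whitespace, exponent form, code) is rejected.
function parseAmount(raw) {
  if (typeof raw !== 'string' || !/^[0-9]{1,9}$/.test(raw)) return null;
  return Number(raw);
}

// Hardened form: validate first, then emit the value with JSON.stringify so
// what reaches the script is always a numeric literal. Invalid input falls
// back to a default instead of being echoed.
function renderHardened(raw, fallback = 0) {
  const n = parseAmount(raw);
  const literal = JSON.stringify(n === null ? fallback : n);
  return "$('.js-input-amount').val(" + literal + "); var selectedAmount=" + literal + ";";
}

// Read the (hypothetical) "amount" parameter the way a server handler would.
function amountFromUrl(url) {
  return new URL(url).searchParams.get('amount');
}

// Constructed sample URLs: a normal value, the payload from this report,
// an exponent form, and a request with the parameter missing.
const samples = [
  'https://shop.example/donate?amount=25',
  'https://shop.example/donate?amount=function(){alert}',
  'https://shop.example/donate?amount=1e3',
  'https://shop.example/donate',
];
for (const u of samples) {
  console.log(renderHardened(amountFromUrl(u)));
}
```

HTML-encoding the value would not have been enough here, since the payload contains no characters that HTML encoding changes; the fix has to match the JavaScript context the value lands in.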
Reported Fixed Unknown