Reflected XSS Vulnerability on CompTIA Marketplace

Description

Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim’s browser. This may lead to unauthorised actions being performed, unauthorised access to data, theft of session information, denial of service, etc. To exploit the issue, an attacker needs to coerce a user into visiting a link that carries the XSS payload.

The CompTIA marketplace search section is vulnerable to reflected XSS: a lack of sufficient sanitisation allows an attacker to execute JavaScript code in the context of a victim’s browser.
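
The class of bug described above, and its fix, as an added example that is not part of the original report and is not CompTIA's code. The renderer functions, the page markup, and the sample search term are all hypothetical, constructed to show a search term reflected into an attribute and into element content.

```javascript
// Added example: hypothetical search-results renderer (not CompTIA's code).
// Constructed input: a search term containing HTML metacharacters.
const SAMPLE_QUERY = '"><script>alert(1)</script>';

// Vulnerable pattern: the search term is concatenated into markup unchanged,
// once inside a quoted attribute and once inside element content.
function renderSearchUnsafe(q) {
  return '<input name="q" value="' + q + '">' +
         '<p>Results for: ' + q + '</p>';
}

// Encode the characters that can change HTML structure in element content
// and in quoted attribute values. A single pass avoids double-encoding.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(value) {
  // String() also covers repeated parameters (?q=a&q=b) parsed as arrays.
  return String(value).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Hardened pattern: encode at the point of output, for every reflection.
function renderSearchSafe(q) {
  const encoded = escapeHtml(q);
  return '<input name="q" value="' + encoded + '">' +
         '<p>Results for: ' + encoded + '</p>';
}

// Regression check: for any search term, a renderer must emit the same
// number of structural characters (< and ") as it does for a plain word.
function introducesMarkup(render, q) {
  const structural = (html) => (html.match(/[<"]/g) || []).length;
  return structural(render(q)) !== structural(render('laptop'));
}

console.log('unsafe renderer altered page structure:',
  introducesMarkup(renderSearchUnsafe, SAMPLE_QUERY));
console.log('safe renderer altered page structure:',
  introducesMarkup(renderSearchSafe, SAMPLE_QUERY));
```

The structural-character count is a quick regression test for these two HTML contexts only; reflections into script blocks, URLs, or unquoted attributes need encoding specific to those contexts.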

XSS Payload

Disclosure Timeline
  • Issue Reported: January 22, 2018
  • Issue Resolved: February 10, 2018
  • Rewarded: March 2, 2018

 

About Me
InfoSec Researcher & Penetration Tester
By Ziaur Rashid
