LeaseWeb: DOM Based XSS in Checkout

2015-12-17T00:10:09
ID H1:105688
Type hackerone
Reporter eronx
Modified 2016-02-26T11:14:00

Description

Hey,

This works in all browsers I suppose and regardless if the user is currently authenticated or not. Simply go over to : https://www.leaseweb.com/checkout-success/16893#"><img src=x onerror=alert(document.cookie)>.

Attached herewith is the screenshot.

Thanks!