Automattic: XSS in app.simplenote.com

2014-05-27T19:29:18
ID H1:13703
Type hackerone
Reporter derknet
Modified 2014-07-08T10:00:28

Description

Hello Automattic,

I found an XSS here: app.simplenote.com

XSS Payload: <a href="jAvAsCrIpT:prompt(document.cookie)">CLICK ME TO PROMPT</a>

Proof of Concept: http://i.imgur.com/8Ai0deF.png

Thanks, Jerold Camacho
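
For defenders reading this report: the following is an added example, not code from the report or from Automattic, showing a scheme allow-list check for user-supplied link targets that handles the mixed-case `jAvAsCrIpT:` scheme in the payload above. The function names and the `ALLOWED_SCHEMES` set are assumptions made for illustration; a case-sensitive check is included only for contrast.

```javascript
// Added example: scheme allow-list for user-supplied link targets.
// ALLOWED_SCHEMES and all function names are hypothetical, chosen for illustration.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);

// Shown for contrast only: a case-sensitive deny-list check.
// It does not recognise "jAvAsCrIpT:" because URL schemes are case-insensitive.
function naiveIsSafeHref(href) {
  return !href.startsWith('javascript:');
}

// Returns the lowercased scheme, or null when the value has no scheme
// (a relative reference). Browsers strip leading C0 control/space characters
// and remove tab/CR/LF before parsing a URL, so the same is done here.
function extractScheme(href) {
  const cleaned = String(href)
    .replace(/^[\u0000-\u0020]+/, '')
    .replace(/[\t\n\r]/g, '');
  const match = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(cleaned);
  return match ? match[1].toLowerCase() : null;
}

// Allow relative references and allow-listed schemes; reject everything else.
// The input must be the attribute value after HTML entity decoding.
function isSafeHref(href) {
  const scheme = extractScheme(href);
  return scheme === null || ALLOWED_SCHEMES.has(scheme);
}

// Sample inputs: the first is the href value from the report,
// the others are constructed benign values.
const samples = [
  'jAvAsCrIpT:prompt(document.cookie)',
  'https://app.simplenote.com/',
  '/notes/123',
];
for (const s of samples) {
  console.log(JSON.stringify(s),
    'naive:', naiveIsSafeHref(s),
    'allow-list:', isSafeHref(s));
}
```

An allow-list of this kind belongs wherever note content is turned into links, alongside output encoding, so that only known-safe schemes ever reach an `href` attribute.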