Algolia: [github.algolia.com] XSS

2016-07-31T10:30:18
ID H1:155576
Type hackerone
Reporter bogdantcaciuc
Modified 2016-09-01T11:32:23

Description

Hello, I found a Cross-Site Scripting in your GitHub subdomain. All you have to do is to search in this input (I attached input.PNG).

Search about "document domain". Alert was executed, because you don't sanitize the query which comes from GitHub.

Search about "svg onload" -> github.algolia.com

Thanks.
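The following is an added example, not part of the original report and not Algolia's code: it contrasts rendering a search hit by interpolating repository-supplied text as markup with a version that escapes every piece and still highlights the query. The record shape (`name`, `description`), the function names and the sample hits are assumptions constructed for illustration.

```javascript
// Constructed sample hits standing in for records indexed from GitHub.
// The second one carries markup in a field the repository owner controls.
const sampleHits = [
  { name: "docs-site", description: "Static document domain helper" },
  { name: "icons", description: "<svg onload=alert(document.domain)> icon set" },
];

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: indexed text is treated as markup, so a tag stored in the
// description becomes a live element when this string reaches innerHTML.
function renderHitUnsafe(hit) {
  return `<li><b>${hit.name}</b> ${hit.description}</li>`;
}

// After, step 1: find matches on the raw text, then escape each piece
// separately. The only markup in the result is the <em> added here.
function highlightSafe(text, query) {
  const raw = String(text);
  // Neutralise regex metacharacters so the query is matched literally.
  const literal = String(query).replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  if (!literal) return escapeHtml(raw);
  return raw
    .split(new RegExp(`(${literal})`, "gi")) // odd indexes are the matches
    .map((part, i) => (i % 2 ? `<em>${escapeHtml(part)}</em>` : escapeHtml(part)))
    .join("");
}

// After, step 2: every field taken from the index is encoded on output.
function renderHitSafe(hit, query) {
  return `<li><b>${escapeHtml(hit.name)}</b> ${highlightSafe(hit.description, query)}</li>`;
}

// Render the whole result list for one query.
function renderResults(hits, query) {
  return `<ul>${hits.map((hit) => renderHitSafe(hit, query)).join("")}</ul>`;
}
```

When building DOM nodes directly instead of strings, assigning the field to `textContent` gives the same protection without a hand-written encoder.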