Informatica: [] Reflected Cross Site Scripting and Open Redirect

ID H1:178278
Type hackerone
Reporter bogdantcaciuc
Modified 2017-04-29T15:08:23


Hi ! I just want to report you a vulnerability in your subdomain ,,parc''


In this link the vulnerable parameter is ,,endpoint''. Once the parameter takes the value of a XSS vector or a website link the code is executed after we complete the form.

Steps to reproduce

Go to

After you complete the form, alert executed document.domain .

and Open redirect: after you complete the form, you are redirected to

I think it's valid because in your scope is * Thanks for attention !