Hi TD security team, there is a reflected XSS vulnerability at http://marketsandresearch.td.com. As you are most likely aware, XSS vulnerabilities can have significant security implications, including allowing an attacker to inject malicious JS code into the application, which is then executed in the browser of any user who views the affected page. This can be used to steal sensitive information, such as login credentials or personal information, from the user's browser. XSS vulnerabilities can also be used to perform other malicious actions, such as redirecting the user to a malicious website or installing malware on their computer.
http://marketsandresearch.td.com
/tdwca/Public/Stocks/TechnicalInsight/ca/TD'-alert('def1ant')-'?=
to the URL. The full URL with payload is: http://marketsandresearch.td.com/tdwca/Public/Stocks/TechnicalInsight/ca/TD'-alert('def1ant')-'?=
XSS vulnerabilities can have significant security implications, including allowing an attacker to inject malicious JS code into the application, which is then executed in the browser of any user who views the affected page. This can be used to steal sensitive information, such as login credentials or personal information, from the user's browser. XSS vulnerabilities can also be used to perform other malicious actions, such as redirecting the user to a malicious website or installing malware on their computer.
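The shape of the payload in the report (a quote, an expression, a quote) is what breaks out of a single-quoted JavaScript string. The following is an added example, not part of the original report and not the site's code: it assumes, hypothetically, that the path segment is reflected into an inline script string, and shows that pattern beside a hardened encoder and an allow-list check. All function names are illustrative.

```javascript
// Constructed input: the last path segment of the URL quoted in the report.
const segment = "TD'-alert('def1ant')-'";

// Vulnerable pattern (assumed): untrusted text pasted between single quotes.
function renderVulnerable(symbol) {
  return "<script>var symbol = '" + symbol + "';</script>";
}

// Hardened: serialise as a JS string literal, then escape characters that
// could end the literal or the enclosing <script> element.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&'\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

function renderHardened(symbol) {
  return "<script>var symbol = " + jsStringLiteral(symbol) + ";</script>";
}

// Route-level allow-list: ticker-like symbols only (format is an assumption).
function isValidSymbol(symbol) {
  return /^[A-Za-z0-9.\-]{1,12}$/.test(symbol);
}

// Evaluate the inline script body with a stub alert() so the effect of each
// rendering can be observed without a browser.
function evaluateInline(html) {
  const body = html.slice("<script>".length, -"</script>".length);
  const calls = [];
  const fakeAlert = (msg) => { calls.push(msg); return 0; };
  const symbol = new Function("alert", body + " return symbol;")(fakeAlert);
  return { calls, symbol };
}

const unsafe = evaluateInline(renderVulnerable(segment));
const safe = evaluateInline(renderHardened(segment));
console.log("vulnerable: alert calls =", unsafe.calls.length);
console.log("hardened:   alert calls =", safe.calls.length);
console.log("allow-list accepts segment:", isValidSymbol(segment));
```

Rejecting the request at the route with the allow-list and encoding for the output context are complementary; the encoder is what keeps the page safe if a new route skips validation.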