U.S. Dept Of Defense: Persistent XSS vulnerability on a DoD website

2016-12-02T17:42:48
ID H1:187759
Type hackerone
Reporter korprit
Modified 2017-02-14T16:43:45

Description

A cross-site scripting vulnerability was found on a Department of Defense website that may trick a web user into executing a malicious script, potentially revealing the user's web session information or modifying web content. korprit was able to demonstrate this vulnerability by crafting a specially formatted URL. Thanks korprit!