U.S. Dept Of Defense: Reflected XSS on a DoD website

ID H1:190427
Type hackerone
Reporter juliocesar
Modified 2017-06-16T16:11:08


A cross-site scripting vulnerability was found on a Department of Defense website which may trick a web user into executing a malicious script, potentially revealing a user's web session information or modify web content. @juliocesar was able to demonstrate this vulnerability by crafting a specially formatted URL.