U.S. Dept Of Defense: DOM Based XSS on an Army website

ID H1:191407
Type hackerone
Reporter juliocesar
Modified 2017-01-12T16:03:27


A U.S. Army website was vulnerable to a DOM based cross-site scripting attack which may be used to trick a web user into executing a malicious script, potentially revealing a user's browser cookies or modify web content. juliocesar was able to demonstrate this vulnerability by crafting a specially formatted URL. Thanks juliocesar!