U.S. Dept Of Defense: Reflected XSS on a DoD website

ID H1:194294
Type hackerone
Reporter amsda
Modified 2017-05-31T21:39:31


A cross-site scripting vulnerability was found on a Department of Defense website which may trick a web user into executing a malicious script, potentially revealing a user's web session information or modify web content. @eugui was able to demonstrate this vulnerability by crafting a specially formatted URL.