U.S. Dept Of Defense: Reflected XSS on a DoD website

2016-12-28T01:11:55
ID H1:194294
Type hackerone
Reporter amsda
Modified 2017-05-31T21:39:31

Description

A cross-site scripting vulnerability was found on a Department of Defense website. It may be used to trick a web user into executing a malicious script, potentially revealing the user's web session information or modifying web content. @eugui was able to demonstrate this vulnerability by crafting a specially formatted URL.