Airbnb: [] XSS via Cookie flash

ID H1:197334
Type hackerone
Reporter bobrov
Modified 2018-04-03T23:33:58


By corrupting the value of a cookie on the domain, bobrov was able to execute an XSS payload. Because cookies cannot be set cross-domain, this did require another vulnerability to be exploitable. Furthermore, because of CSP, this was only exploitable in Internet Explorer 11. The issue was fixed with enhanced output encoding.

Thanks to bobrov for this well-documented finding!
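
The fix named in the summary, output encoding of a cookie-derived value, shown as an added example (not Airbnb's code and not taken from the report). The cookie name `flash`, its percent-encoded JSON shape, the function names and the sample cookie are all assumptions made for illustration.

```javascript
// Added example, not Airbnb's code; cookie name and JSON shape are assumptions.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;' };

// Encode text for HTML element content or a quoted attribute value.
function encodeHtml(text) {
  return String(text).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Return the raw value of one cookie from a Cookie header / document.cookie string.
function readCookie(header, name) {
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return null;
}

// Treat the cookie as untrusted: reject malformed encodings and unexpected shapes.
function parseFlash(raw) {
  if (raw === null) return null;
  let obj;
  try {
    obj = JSON.parse(decodeURIComponent(raw));
  } catch (err) {
    return null; // bad percent-encoding or invalid JSON
  }
  if (obj === null || typeof obj !== 'object' || typeof obj.message !== 'string') return null;
  // The type lands in a class attribute, so allow-list it instead of echoing it.
  const type = ['notice', 'error'].includes(obj.type) ? obj.type : 'notice';
  return { type, message: obj.message };
}

// Before: the cookie's message is concatenated into markup as-is.
function renderFlashUnencoded(flash) {
  return `<div class="flash flash-${flash.type}">${flash.message}</div>`;
}

// After: the same markup with the message encoded at the point of output.
function renderFlash(header) {
  const flash = parseFlash(readCookie(header, 'flash'));
  if (!flash) return '';
  return `<div class="flash flash-${flash.type}">${encodeHtml(flash.message)}</div>`;
}

// Constructed sample cookie carrying markup in the message field.
const sampleHeader = 'lang=en; flash=' +
  encodeURIComponent(JSON.stringify({ type: 'banner', message: '<b>Saved</b> & "done"' }));
console.log(renderFlash(sampleHeader));
```

In a browser, assigning the message through `textContent` gives the same protection without hand-built markup.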