U.S. Dept Of Defense: Stored XSS vulnerability on a DoD website

2017-02-01T00:21:40
ID H1:202496
Type hackerone
Reporter rashedhasan007
Modified 2017-05-31T21:13:02

Description

A stored cross-site scripting vulnerability was found on a Department of Defense website, which may trick a web user into executing a malicious script, potentially revealing a user's web session information or modifying web content. @rashedhasan007 was able to demonstrate this vulnerability by crafting a specially formatted URL. Thank you!