U.S. Dept Of Defense: Stored XSS vulnerability on a DoD website

ID H1:202496
Type hackerone
Reporter rashedhasan007
Modified 2017-05-31T21:13:02


A stored cross-site scripting vulnerability was found on a Department of Defense website. It may trick a web user into executing a malicious script, potentially revealing the user's web session information or modifying web content. @rashedhasan007 was able to demonstrate this vulnerability by crafting a specially formatted URL. Thank you!