Informatica: Stored XSS via Discussion Title and Send as Email attribute in [marketplace.informatica.com]

2017-02-06T18:05:31
ID H1:203912
Type hackerone
Reporter fillawful
Modified 2017-04-08T12:39:29

Description

POC

  1. Under "Your Stuff" choose to "Create a Discussion/Ask a question"
  2. Choose a space to submit your discussion/question. Any space will do.
  3. Title your discussion with the payload "><img src=x onerror=alert(1)>
  4. Choose "Post message" to publish.
  5. View the message as any user. Under "Actions" choose to "Send as Email"
  6. Observe XSS PoC alert box

Please let me know if you have any questions.
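
Added example, not part of the original report and not Informatica's code: the title payload from step 3 opens with `">`, which closes a double-quoted attribute, so the sketch below renders a stored title into a form field's `value` attribute without and with output encoding and counts the elements that result. The form markup, the function names and the small tag scanner are assumptions made for illustration; the real "Send as Email" markup is not shown on the page.

```javascript
// Hypothetical rendering of a "Send as Email" dialog (assumed markup, for illustration).

// Encode a value for a quoted HTML attribute or element text.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Before": the stored discussion title is concatenated into the attribute as-is.
function renderSendAsEmailVulnerable(title) {
  return '<form class="send-as-email">' +
    '<input type="text" name="subject" value="' + title + '">' +
    '</form>';
}

// "After": identical markup, with the title encoded at the point of output.
function renderSendAsEmailHardened(title) {
  return '<form class="send-as-email">' +
    '<input type="text" name="subject" value="' + escapeHtml(title) + '">' +
    '</form>';
}

// Minimal scanner listing the opening tags found in the markup.
// Quoted attribute values are honoured, so a '>' inside quotes does not end a tag.
function listTags(html) {
  const re = /<([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
  const tags = [];
  let m;
  while ((m = re.exec(html)) !== null) tags.push(m[1].toLowerCase());
  return tags;
}

// Title exactly as given in step 3 of the report.
const STORED_TITLE = '"><img src=x onerror=alert(1)>';

console.log(listTags(renderSendAsEmailVulnerable(STORED_TITLE))); // extra img element
console.log(listTags(renderSendAsEmailHardened(STORED_TITLE)));   // form and input only
console.log(renderSendAsEmailHardened(STORED_TITLE));
```

Encoding has to happen in every view that outputs the title, since here the stored value fires only when the "Send as Email" action renders it.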