Mavenlink: Flash XSS on swfupload.swf showing at app.mavenlink.com

2014-07-23T03:17:46
ID H1:21150
Type hackerone
Reporter panchocosil
Modified 2014-07-24T17:48:10

Description

Hello Security, I would like to report an XSS that affects all users. This Flash XSS can be very dangerous.

Vulnerable URL:

https://app.mavenlink.com/flash/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert(document.domain);//

I attach an image as proof:

Any problem reproducing this bug please let me know.

PS: This works with all browsers.

Regards.
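A log-side check added here as an example (it is not from the report, Mavenlink or the SWFUpload project): it scans access-log lines for requests to swfupload.swf whose movieName query value is anything other than an identifier-like string, which is the shape the reported URL breaks out of. The identifier allow-list, the common log format and the sample lines are assumptions constructed for the example.

```python
# Added example (not part of the HackerOne report): a defender-side check that
# scans web-server access-log lines for requests to swfupload.swf whose
# movieName parameter is not a plain identifier. SWFUpload builds JavaScript
# for ExternalInterface from movieName, so a value containing quotes, brackets
# or braces (as in the reported URL) is worth alerting on.
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate SWFUpload movie names look like "SWFUpload_0";
# anything outside this allow-list is treated as suspicious.
SAFE_MOVIENAME = re.compile(r"^[A-Za-z0-9_]+$")

# Request part of a common-log-format line: '... "GET /path?query HTTP/1.1" ...'
REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_movienames(log_lines):
    """Return (line_number, decoded movieName) for every flagged request."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.lower().endswith("/swfupload.swf"):
            continue
        # parse_qs percent-decodes once, so the allow-list is applied to the
        # value the SWF would actually see; keep_blank_values catches an
        # empty movieName as well.
        query = parse_qs(parts.query, keep_blank_values=True)
        for value in query.get("movieName", []):
            if not SAFE_MOVIENAME.fullmatch(value):
                hits.append((lineno, value))
    return hits


# Constructed sample log lines (not real traffic). The second line carries a
# percent-encoded '"]);}' breakout prefix, the pattern used in the report.
SAMPLE_LOG = [
    '10.0.0.1 - - [23/Jul/2014:03:17:46 +0000] "GET /flash/swfupload.swf?movieName=SWFUpload_0 HTTP/1.1" 200 12345',
    '10.0.0.2 - - [23/Jul/2014:03:18:02 +0000] "GET /flash/swfupload.swf?movieName=%22%5D%29%3B%7D HTTP/1.1" 200 12345',
    '10.0.0.3 - - [23/Jul/2014:03:18:10 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for lineno, value in suspicious_movienames(SAMPLE_LOG):
        print(f"line {lineno}: suspicious movieName {value!r}")
```

The same allow-list applied server-side (rejecting or rewriting any movieName that is not identifier-like before the SWF is served) removes the injection point rather than only detecting attempts against it.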