Square: XSS [BookFresh]

ID H1:25332
Type hackerone
Reporter eronx
Modified 2014-11-17T14:30:48


Hi there,

I found a Cross-Site Scripting issue in the BookFresh website. What I found to be significant is that it's publicly facing.

Any user who points his browser to: Proof of Concept XSS*

will then be greeted by a JavaScript pop-up.

Kindly have a look, sir.

Cheers, Clifford