OLX: XSS in OLX.pl ("title" in new advertisement)

2017-09-11T10:06:15
ID H1:267473
Type hackerone
Reporter d4w
Modified 2018-07-18T09:14:20

Description

Hello, I found an XSS vulnerability in "new advertisement" in OLX.pl

Steps to reproduce:

1. Go to https://www.olx.pl/nowe-ogloszenie/
2. Put this payload "<svg/onload=prompt(document.cookie)>" in "add-title" element
3. Complete all data in this form and click Next
4. On the next page we can see the executed XSS

Regards, 4rch
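
The fix class for the behaviour reported above is output encoding of the title on the page that follows the form. This is an added example, not part of the report and not OLX code: the preview markup, the hidden `title` field and all function names are assumptions made for illustration.

```javascript
// Added example: hypothetical preview renderer, not OLX code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the title is concatenated into markup unencoded,
// which is the behaviour the report describes on the next page.
function renderPreviewUnsafe(title) {
  return '<h1 class="ad-title">' + title + '</h1>' +
         '<input type="hidden" name="title" value="' + title + '">';
}

// "After": same assumed markup, title encoded at output time in both contexts.
function renderPreviewSafe(title) {
  const t = escapeHtml(title);
  return '<h1 class="ad-title">' + t + '</h1>' +
         '<input type="hidden" name="title" value="' + t + '">';
}

// Regression check: list every element in the output that the template itself
// does not emit. A non-empty result means user input became markup.
function injectedTags(html) {
  const allowed = new Set(['h1', 'input']);
  const tags = [...html.matchAll(/<\s*([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
  return tags.filter((t) => !allowed.has(t));
}

// Payload string quoted in the report, used here only as a regression input.
const reported = '<svg/onload=prompt(document.cookie)>';

console.log('unsafe:', injectedTags(renderPreviewUnsafe(reported)));
console.log('safe:  ', injectedTags(renderPreviewSafe(reported)));
```

Encoding at output, rather than stripping tags at input, keeps the stored title intact and covers any other page that renders the same field through the same helper.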