OLX: XSS in OLX.pl ("title" in new advertisement)

ID H1:267473
Type hackerone
Reporter d4w
Modified 2018-07-18T09:14:20


Hello, I found an XSS vulnerability in "new advertisement" in OLX.pl.

Steps to reproduce:
1. Go to https://www.olx.pl/nowe-ogloszenie/
2. Put this payload "<svg/onload=prompt(document.cookie)>" in the "add-title" element
3. Complete all data in this form and click Next
4. On the next page we can see the executed XSS

Regards, 4rch
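
The fix for the behaviour reported above is to encode the title when it is written into the next page. The sketch below is an added example, not code from the report or from OLX: the renderer functions, the `ad-title` class and the `title` input name are hypothetical. It goes slightly beyond the report by also covering the case where the title is echoed back into a quoted attribute.

```javascript
// Added illustration with hypothetical names; OLX's real templates are not on the page.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for an HTML text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the submitted title is concatenated into markup as-is,
// so any tag in it is parsed by the browser on the preview page.
function renderPreviewUnsafe(title) {
  return `<h1 class="ad-title">${title}</h1>`;
}

// Hardened: encode at output time, so markup in the title becomes inert text.
function renderPreviewSafe(title) {
  return `<h1 class="ad-title">${escapeHtml(title)}</h1>`;
}

// Same rule when the title is echoed back into the form field (attribute context):
// quotes must be encoded or the value can end the attribute early.
function renderTitleInputSafe(title) {
  return `<input name="title" value="${escapeHtml(title)}">`;
}

// Regression check for templates: after removing the expected wrapper,
// does any tag opener remain in the rendered fragment?
function containsInjectedTag(html) {
  const inner = html.replace(/^<h1 class="ad-title">/, "").replace(/<\/h1>$/, "");
  return /<[a-zA-Z\/!]/.test(inner);
}

// Title value taken from step 2 of the report.
const reportedTitle = "<svg/onload=prompt(document.cookie)>";
// Constructed benign title containing a double quote (a 26-inch bicycle listing).
const quotedTitle = 'Rower 26" górski';

console.log(containsInjectedTag(renderPreviewUnsafe(reportedTitle)));
console.log(containsInjectedTag(renderPreviewSafe(reportedTitle)));
console.log(renderTitleInputSafe(quotedTitle));
```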