Razer US: XSS on Saved Carts page

2017-10-28T10:13:39
ID H1:283727
Type hackerone
Reporter gdinar
Modified 2018-08-07T17:22:01

Description

The saved cart endpoint was vulnerable to reflected XSS because cartcode was inserted back into the HTML document without sanitization, which could allow execution of malicious JavaScript on the client.