Razer US: XSS on Saved Carts page

ID H1:283727
Type hackerone
Reporter gdinar
Modified 2018-08-07T17:22:01


The saved cart endpoint was vulnerable to a reflective XSS due to lack of sanitization of cartcode which is inserted back in the HTML document, which could allow execution of malicious Javascript on the client.