ID H1:3037 Type hackerone Reporter nahamsec Modified 2014-04-04T17:40:14
Description
URL: http://www.okcupid.com/profile
The "First thing people usually notice about me" (or any other filed in that page) could be set as an XSS by giving it the following string as a value: <img src=# onerror=alert(document.cookie)>.
{"id": "H1:3037", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "OkCupid: XSS In Profle", "description": "URL: http://www.okcupid.com/profile\r\n\r\nThe \"First thing people usually notice about me\" (or any other filed in that page) could be set as an XSS by giving it the following string as a value: <img src=# onerror=alert(document.cookie)>.\r\n\r\n", "published": "2014-03-04T04:19:19", "modified": "2014-04-04T17:40:14", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/3037", "reporter": "nahamsec", "references": [], "cvelist": [], "lastseen": "2018-04-19T17:34:10", "viewCount": 9, "enchantments": {"score": {"value": 0.5, "vector": "NONE", "modified": "2018-04-19T17:34:10", "rev": 2}, "dependencies": {"references": [], "modified": "2018-04-19T17:34:10", "rev": 2}, "vulnersScore": 0.5}, "bounty": 0.0, "bountyState": "resolved", "h1team": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/000/054/87b4f3e8d043b2e0d0e476fccf15defd32268a45_small.jpg?1392928046", "medium": "https://profile-photos.hackerone-user-content.com/000/000/054/f4c5fba2235eb450c0cdc083ad9a479396bc7195_medium.jpg?1392928046"}, "url": "https://hackerone.com/okcupid", "handle": "okcupid"}, "h1reporter": {"hacker_mediation": false, "username": "nahamsec", "hackerone_triager": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/002/413/85221d37c113d4ba0afa15ee61c368d37ec637d0_small.png?1516918330"}, "disabled": false, "url": "/nahamsec", "is_me?": false}}
