OkCupid: XSS In Profile

2014-03-04T04:19:19
ID H1:3037
Type hackerone
Reporter nahamsec
Modified 2014-04-04T17:40:14

Description

URL: http://www.okcupid.com/profile

The "First thing people usually notice about me" (or any other field on that page) could be set as an XSS by giving it the following string as a value: <img src=# onerror=alert(document.cookie)>.
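
The fix for this class of bug is to HTML-encode stored profile values when they are written into the page. The following is an added example, not part of the original report and not OkCupid's code; the function names and the surrounding markup are assumptions, and only the field label and the test string come from the report.

```javascript
// Hypothetical rendering of one profile essay field, before and after
// output encoding. Markup and function names are assumed for illustration.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can change parsing in HTML text
// and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the stored value is concatenated into markup as-is,
// so any tag in it becomes part of the page.
function renderFieldUnsafe(label, value) {
  return `<div class="essay"><h3>${label}</h3><p>${value}</p></div>`;
}

// "After": label and value are encoded at output time, so the browser
// displays the stored text instead of parsing it.
function renderFieldSafe(label, value) {
  return `<div class="essay"><h3>${escapeHtml(label)}</h3><p>${escapeHtml(value)}</p></div>`;
}

// Regression check: after removing the template's own tags, does any
// tag opening remain in the rendered output?
function containsInjectedTag(html) {
  const stripped = html.replace(/<\/?(div|h3|p)( class="essay")?>/g, '');
  return /<[a-zA-Z!\/]/.test(stripped);
}

const label = 'First thing people usually notice about me';
const payload = '<img src=# onerror=alert(document.cookie)>'; // string from the report

console.log('unsafe:', renderFieldUnsafe(label, payload));
console.log('  injected tag present:', containsInjectedTag(renderFieldUnsafe(label, payload)));
console.log('safe:  ', renderFieldSafe(label, payload));
console.log('  injected tag present:', containsInjectedTag(renderFieldSafe(label, payload)));
```

Encoding applies to every field on the page, since the report notes that any of them accepted the string. Marking the session cookie `HttpOnly` additionally keeps it out of `document.cookie`.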