MyCrypto: Reflected XSS { support.mycrypto.com }

2018-03-08T06:55:43
ID H1:323566
Type hackerone
Reporter sup3r-b0y
Modified 2018-04-02T22:01:47

Description

A reflected XSS was reported by sup3r-b0y that was activated by displaying unsanitized values of query parameters. The MyCrypto team worked with sup3r-b0y to identify and verify the fix, and are happy to confirm that the vulnerability described in the report has now been fixed. We are happy to continue to work with the HackerOne community to determine and resolve issues on an ongoing basis.

A big thank you to sup3r-b0y for their help in identifying and resolving this issue!