OkCupid: XSS in "Questions" search module

2014-03-06T23:00:31
ID H1:3420
Type hackerone
Reporter nahamsec
Modified 2014-04-09T16:00:39

Description

So I was browsing the website, looking at users and such and came across the link: "Y'all got some issues" which takes you to the following link: http://www.okcupid.com/profile/quadhonk/questions?cf=regular_indirect which also has a search function. Giving it the above string will show you the result: "><img src=x onerror=prompt(1);>
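
The reported input begins with `">`, which is consistent with the search term being reflected inside a quoted HTML attribute. The following is an added example, not code from the report or from OkCupid: the search-box markup and all function names are assumptions, and it shows the unencoded reflection beside the output-encoded fix, checked against the string from the report.

```javascript
// Added example. The markup and function names are assumptions made for
// illustration; they are not taken from OkCupid's code base.

// Input string quoted in the report above.
const REPORTED_INPUT = '"><img src=x onerror=prompt(1);>';

// "Before": the search term is concatenated into a quoted attribute value.
// A double quote in the term closes the attribute and `>` closes the tag,
// so anything after that is parsed as new markup.
function renderSearchBoxUnsafe(term) {
  return '<input type="text" name="q" value="' + term + '">';
}

// Characters that can end an attribute value or start a tag or entity.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Encode untrusted text for use in HTML element content or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "After": identical markup, but the term is encoded at the point of output.
function renderSearchBoxSafe(term) {
  return '<input type="text" name="q" value="' + escapeHtml(term) + '">';
}

// Regression check: count tag openers in the rendered HTML. The template
// itself contributes exactly one (<input); any more came from the term.
function countTagOpeners(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// True when rendering `term` adds markup beyond the template's own tag.
function termInjectsMarkup(render, term) {
  return countTagOpeners(render(term)) > 1;
}
```

`termInjectsMarkup(renderSearchBoxUnsafe, REPORTED_INPUT)` returns `true` and the same call with `renderSearchBoxSafe` returns `false`, so the pair can serve as a regression test for the search template.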