OkCupid: XSS in "Questions" search module

ID H1:3420
Type hackerone
Reporter nahamsec
Modified 2014-04-09T16:00:39


So I was browsing the website, looking at users and such, and came across the link "Y'all got some issues", which takes you to the following link: http://www.okcupid.com/profile/quadhonk/questions?cf=regular_indirect which also has a search function. Giving it the above string will show you the result: "><img src=x onerror=prompt(1);>
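The following is an added example, not code from the report or from OkCupid: it shows why the quoted payload works when a search term is echoed unescaped into an attribute, and how encoding at the output sink neutralizes that same string. The render function names and the template shape are assumptions.

```javascript
// Added example (not OkCupid's code): a reflected search-term sink, vulnerable
// and hardened, exercised with the exact payload quoted in the report.

// Constructed sample input: the string from the report.
const PAYLOAD = '"><img src=x onerror=prompt(1);>';

// Vulnerable rendering (assumed template): the query is concatenated straight
// into a value="..." attribute and into text. A leading `">` closes the
// attribute and the <input> tag, so everything after it is parsed as markup.
function renderSearchUnsafe(query) {
  return `<input name="q" value="${query}"> <p>Results for ${query}</p>`;
}

// Encode the five characters that can change HTML context. Encoding the
// quote keeps the attribute closed only where the template closes it.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened rendering: same template, query encoded at the sink.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return `<input name="q" value="${q}"> <p>Results for ${q}</p>`;
}

// Simple check for a response-body review: count the tags the browser would
// see. The template itself contributes exactly three (<input>, <p>, </p>);
// any extra tag came from reflected input.
function countTags(html) {
  return (html.match(/<[a-z/][^>]*>/gi) || []).length;
}

console.log('unsafe tags:', countTags(renderSearchUnsafe(PAYLOAD))); // 5
console.log('safe tags:  ', countTags(renderSearchSafe(PAYLOAD)));   // 3
```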