ID H1:353334
Type hackerone
Reporter xpaw
Modified 2018-05-24T22:00:09
Description
Enter ">test in any of the 3 fields, save it and reload the page.
Impact
Stored XSS, could possibly break some internal features too as the stored value is not an integer.
The hacker selected the Cross-site Scripting (XSS) - Stored weakness. This vulnerability type requires contextual information from the hacker. They provided the following answers:
URL
https://partner.steamgames.com/apps/inventoryservice/[xxx]
{"id": "H1:353334", "hash": "acc95dc55aa01f8c6a3d1753726b6456", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Valve: Unfiltered input allows for XSS in \"Playtime Item Grants\" fields", "description": "Enter \">test in any of the 3 fields, save it and reload the page.\n\nImpact\nStored XSS, could possibly break some internal features too as the stored value is not an integer.\n\nThe hacker selected the Cross-site Scripting (XSS) - Stored weakness. This vulnerability type requires contextual information from the hacker. They provided the following answers:\n\nURL\nhttps://partner.steamgames.com/apps/inventoryservice/[xxx]", "published": "2018-05-17T08:21:13", "modified": "2018-05-24T22:00:09", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/353334", "reporter": "xpaw", "references": [], "cvelist": [], "lastseen": "2018-06-05T21:27:16", "history": [], "viewCount": 11, "enchantments": {"score": {"value": 0.5, "vector": "NONE", "modified": "2018-06-05T21:27:16"}, "dependencies": {"references": [], "modified": "2018-06-05T21:27:16"}, "vulnersScore": 0.5}, "objectVersion": "1.4", "bounty": 750.0, "bountyState": "resolved", "h1team": {"handle": "valve", "profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/000/023/363/108249db69174477f86300d445fc8f4cb3ab98d2_medium.png?1504915279", "small": "https://profile-photos.hackerone-user-content.com/000/023/363/70bcb701fe28ae1bbc98b28ce88a5dd98e38a6b6_small.png?1504915279"}, "url": "https://hackerone.com/valve"}, "h1reporter": {"disabled": false, "hacker_mediation": false, "hackerone_triager": false, "is_me?": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/007/335/74b414a4cf51c1015ee5cbef9f82faa2377415ba_small.jpg?1402912859"}, "url": "/xpaw", "username": "xpaw"}, "_object_type": "robots.models.hackerone.HackerOneBulletin", "_object_types": ["robots.models.hackerone.HackerOneBulletin", "robots.models.base.Bulletin"]}
{}