Pornhub: Mobile Reflect XSS / CSRF at Advertisement Section on Search page

ID H1:379705
Type hackerone
Reporter jtjisgod
Modified 2019-05-06T19:41:03


The researcher identified a search query parameter vulnerable to cross-site scripting in the Mobile view. It is same vulnerability of redtube's mobile search page. The report is #380246 . This vulnerability is performed XSS because protecting with adding slashes at double quoters. At the tag's attribute, Adding slashes can't protect XSS. So, Should replace double quoters to something to protect XSS.