Upserve : Reflected XSS on (affects IE users only)

ID H1:469841
Type hackerone
Reporter stealthy
Modified 2019-08-06T19:30:46


The REQUEST_URI was assigned as the value of a hidden field in the login form without proper escaping, resulting in a reflected cross-site scripting bug. Browsers were mitigating the issue and IE was only impacted if XSS protection was disabled. We've improved the sanitization of this field. The value of REQUEST_URI was not correctly sanitizing user input, in this case, double-quotes. However, due to URL encoding, this was only exploitable in IE.

'"--><script>confirm(document.cookie)</script>

Upserve handled this report quickly and professionally. I am looking forward to working with them again in the future.
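
The bug summarized above, as an added example that is not part of the original report or Upserve's code: a Python sketch of a hidden field filled from REQUEST_URI with and without attribute escaping, checked against a raw and a percent-encoded request. The `/login` path, the `next` parameter, the `return_to` field name and all function names are assumptions.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote

# Constructed request: path and "next" parameter are assumptions; the tail is
# the string quoted in the report.
RAW_URI = "/login?next='\"--><script>confirm(document.cookie)</script>"
# Same request as sent by a client that percent-encodes the query string.
ENCODED_URI = quote(RAW_URI, safe="/?=")

# Hypothetical login-form fragment; "return_to" is an assumed field name.
FIELD = '<form><input type="hidden" name="return_to" value="%s"></form>'

def render_unescaped(request_uri):
    """The 'before' behaviour: REQUEST_URI copied into the attribute as-is."""
    return FIELD % request_uri

def render_escaped(request_uri):
    """Attribute-context escaping: &, <, >, double and single quotes."""
    return FIELD % html.escape(request_uri, quote=True)

class FormAudit(HTMLParser):
    """Records every start tag and the value the hidden input ended up with."""
    def __init__(self):
        super().__init__()
        self.tags, self.value = [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.value = dict(attrs).get("value")

def escapes_attribute(markup, request_uri):
    """True if the input no longer holds the whole URI or extra tags appeared."""
    audit = FormAudit()
    audit.feed(markup)
    audit.close()
    return audit.value != request_uri or audit.tags != ["form", "input"]

if __name__ == "__main__":
    for label, uri in (("raw", RAW_URI), ("percent-encoded", ENCODED_URI)):
        print(label, "unescaped:", escapes_attribute(render_unescaped(uri), uri))
        print(label, "escaped:  ", escapes_attribute(render_escaped(uri), uri))
```

The percent-encoded request stays inside the attribute only because of what the client sent; the escaped renderer holds for both inputs, which is why the fix belongs in the output encoding rather than in assumptions about browser behaviour.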