TomTom: Reflected Cross Site Scripting vuln in tomtom.com

2019-04-16T18:40:25
ID H1:540428
Type hackerone
Reporter omnicient
Modified 2019-06-13T22:37:25

Description

Hello TomTom security team,

I found a reflected cross-site scripting security vulnerability in tomtom.com: https://www.tomtom.com/nl_nl/search/?q=27%22--%3E%3CDetails%20Open%20OnToggle=confirm(document.domain)%3E

This payload, when loaded, displays the domain the XSS vulnerability occurs in (www.tomtom.com), in the q= param here.

Welcome to Hackerone,

Ben

Impact

An attacker could use this to load malicious scripts in a user's browser or control the browser with malicious code.
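Added example, not part of the report or of TomTom's code: a hypothetical Python search template that reflects the q= parameter unescaped, the way the report describes, beside the same template with HTML output encoding applied, plus a small parser-based check a defender can keep in a test suite to confirm the reported payload no longer yields an element carrying an event-handler attribute. The template markup is an assumption; only the URL comes from the report.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Taken from the report: the payload as it arrives URL-encoded in the q= parameter.
REPORTED_URL = ("https://www.tomtom.com/nl_nl/search/"
                "?q=27%22--%3E%3CDetails%20Open%20OnToggle=confirm(document.domain)%3E")


def query_param(url, name):
    """Decoded value of the first occurrence of a query-string parameter."""
    return parse_qs(urlparse(url).query).get(name, [""])[0]


def render_vulnerable(q):
    """Hypothetical template that reflects q unescaped into an attribute and a heading.
    The leading '"' in the payload closes the value attribute, '>' closes the tag,
    and the <Details OnToggle=...> element that follows is parsed as real markup."""
    return f'<input name="q" value="{q}"><h1>Results for {q}</h1>'


def render_hardened(q):
    """Same template with HTML output encoding; quote=True also escapes " and '
    so the value cannot break out of the attribute."""
    safe = html.escape(q, quote=True)
    return f'<input name="q" value="{safe}"><h1>Results for {safe}</h1>'


class HandlerFinder(HTMLParser):
    """Collects (tag, attribute) pairs for every element that carries an on* handler."""

    def __init__(self):
        super().__init__()
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so "OnToggle" -> "ontoggle".
        for name, _value in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name))


def event_handlers(page):
    """Parse a rendered page and return the event-handler attributes found in it."""
    finder = HandlerFinder()
    finder.feed(page)
    return finder.handlers


if __name__ == "__main__":
    q = query_param(REPORTED_URL, "q")
    print("vulnerable:", event_handlers(render_vulnerable(q)))  # [('details', 'ontoggle'), ...]
    print("hardened:  ", event_handlers(render_hardened(q)))    # []
```

A regression test built this way fails the moment a template change reintroduces unescaped reflection of the parameter.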