TTS Bug Bounty: Blind Stored XSS In "Report a Problem" on www.data.gov/issue/

2019-06-15T16:23:49
ID H1:615840
Type hackerone
Reporter rioncool22
Modified 2019-08-07T20:03:52

Description

Steps to reproduce:

1. Open https://www.data.gov/issue/
2. Fill "Issue Title" and "Description" with an XSSHunter payload.
3. XSS fired in https://labs.data.gov/crm/admin/report/662445

Impact

Can steal admin cookies
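
Mitigation sketch (an added example, not part of the original report and not data.gov's code): the submitted "Issue Title" and "Description" are HTML-encoded when the admin report view is rendered, and the admin session cookie is set HttpOnly so page script cannot read it. The function names, the report object shape, the cookie name and the CSP value are assumptions made for illustration.

```javascript
// Added example. All names here are hypothetical; the report does not show the CRM's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML context in element or attribute content.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: submitted fields are interpolated into the admin page as markup,
// so stored input runs as script when an administrator opens the report.
function renderReportUnsafe(report) {
  return `<h1>${report.title}</h1><p>${report.description}</p>`;
}

// Hardened pattern: every submitted field is encoded at output time.
function renderReportSafe(report) {
  return `<h1>${escapeHtml(report.title)}</h1><p>${escapeHtml(report.description)}</p>`;
}

// Defence in depth for the admin view: HttpOnly keeps the session cookie out of
// document.cookie, and the CSP refuses inline and third-party scripts if an
// encoding call is ever missed.
function adminResponseHeaders(sessionId) {
  return {
    'Set-Cookie': `session=${sessionId}; HttpOnly; Secure; SameSite=Strict; Path=/`,
    'Content-Security-Policy': "script-src 'self'; object-src 'none'; base-uri 'none'",
  };
}

// Constructed sample submission (harmless markers, not the reporter's payload).
const sample = {
  title: '<script>alert(1)</script>',
  description: '<img src=x onerror="alert(1)">',
};

console.log('unsafe:', renderReportUnsafe(sample));
console.log('safe:  ', renderReportSafe(sample));
console.log(adminResponseHeaders('constructed-session-id'));
```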