Starbucks: Singapore - XXE at

ID H1:762251
Type hackerone
Reporter rugb
Modified 2020-07-22T16:04:44


rugb discovered the endpoint at* was found vulnerable to XML eXternal Entity (XXE) processing. This permitted arbitrary reading of files on the remote server. This asset is not rated as critical as it does not contain sensitive data.

@rugb — thank you for reporting this vulnerability and for confirming the resolution.