Localize: Stored XSS

2014-04-17T18:29:21
ID H1:7873
Type hackerone
Reporter daksh
Modified 2014-04-20T02:53:31

Description

Hey!!

Steps to reproduce:

1) While making an account, add an XSS payload in the username, like: "><img src=a onerror=prompt(1);>
2) Log in using this.
3) Go to the settings tab (http://www.localize.io/pages/settings).
4) XSS will get executed.

Attached PoC.

Daksh
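
The reported payload starts with `">`, which suggests the stored username is written into a quoted attribute on the settings page. The following is an added example, not code from the report or from Localize; the field markup and all function names are assumptions. It shows that sink without and with output encoding, plus a regression check:

```javascript
// Hypothetical rendering of the settings form's username field.
// Markup and names are assumptions for illustration, not Localize's code.

// Payload string from the report, used here as sample input.
const REPORTED_USERNAME = '"><img src=a onerror=prompt(1);>';

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the stored value is concatenated into the attribute as-is,
// so a double quote ends the attribute and '>' ends the tag.
function renderSettingsVulnerable(username) {
  return '<input type="text" name="username" value="' + username + '">';
}

// Hardened: encode at output time, for the context the value lands in.
function renderSettingsHardened(username) {
  return '<input type="text" name="username" value="' + escapeHtml(username) + '">';
}

// Conservative regression check: list every tag-open sequence in the markup.
// Anything beyond the template's own <input> means the value left its attribute.
function openedTags(markup) {
  const tags = [];
  const re = /<([a-zA-Z][a-zA-Z0-9]*)\b/g;
  let m;
  while ((m = re.exec(markup)) !== null) tags.push(m[1].toLowerCase());
  return tags;
}

// True when the rendered field contains only the template's <input> element.
function fieldIsContained(markup) {
  const tags = openedTags(markup);
  return tags.length === 1 && tags[0] === 'input';
}

console.log('vulnerable:', openedTags(renderSettingsVulnerable(REPORTED_USERNAME)));
console.log('hardened:  ', openedTags(renderSettingsHardened(REPORTED_USERNAME)));
```

Because the value is stored, every page that prints the username needs the same encoding, not only the settings tab.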