Rockstar Games: DOM XSS on https://www.rockstargames.com/GTAOnline/feedback

2020-02-24T20:57:23
ID H1:803934
Type hackerone
Reporter netfuzzer
Modified 2020-06-11T18:57:19

Description

In this report, the researcher identified a DOM-based Cross-Site Scripting vulnerability in the /GTAOnline/feedback endpoint. As we worked together on resolving this matter, the researcher helped us identify other parts of the GTA Online sub-site that suffered from the same vulnerability due to code re-use. The vulnerability has now been fully resolved.