InVision: Reflective XSS in projects.invisionapp.com

2015-08-08T08:48:16
ID H1:81201
Type hackerone
Reporter alyssa_herrera
Modified 1970-01-01T00:00:00

Description

I discovered a vulnerability in the commenting system: when you leave a comment with <svg onload=alert(document.domain)> and click post comment, it will trigger an alert. I will be including a video to help understand this vulnerability.
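
The fix for this class of bug is to encode comment text for the HTML context before it is written back into the page. The sketch below is an added example, not code from the report or from InVision; the function names and the comment markup are hypothetical, and it assumes the comment body is placed in an HTML text context.

```javascript
// Added example: names and markup are hypothetical, not InVision's code.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode every character that can open a tag, attribute value or entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: comment text is concatenated into markup as-is,
// so a submitted <svg onload=...> becomes a live element with a handler.
function renderCommentUnsafe(author, body) {
  return `<div class="comment"><b>${author}</b><p>${body}</p></div>`;
}

// Hardened pattern: every user-controlled field is encoded for the HTML
// text context before it is placed in the template.
function renderCommentSafe(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>` +
         `<p>${escapeHtml(body)}</p></div>`;
}

// Constructed sample input: the comment string quoted in the report.
const reported = "<svg onload=alert(document.domain)>";

// Render the same comment both ways so the outputs can be compared.
function demo() {
  return {
    unsafe: renderCommentUnsafe("tester", reported),
    safe: renderCommentSafe("tester", reported),
  };
}

console.log(demo());
```

When comments are inserted client-side, assigning the text to an element's textContent instead of innerHTML gives the same result without a hand-written encoder.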