Zendesk: Cross-site Scripting https://www.zendesk.com/product/pricing/

2015-09-19T11:48:48
ID H1:89624
Type hackerone
Reporter mdv
Modified 2015-12-09T02:06:13

Description

Hello.

https://www.zendesk.com/product/pricing/#?cvo_sid1=%22/alert%28%221%22%29/%22

This XSS can be done on most pages of this site. The vulnerable param is cvo_sid1. For the XSS I used "/alert("1")/". Tested in Mozilla Firefox.