OkCupid: XSS Vulnerability Found!

ID H1:9869
Type hackerone
Reporter karshxz7593
Modified 2014-05-26T03:02:03


Good Day okcupid Security Team!

i just want to report that i found a bug on your website. what i've found out is a xss vulnerability with the use of third party app facebook. at first i upload an image in facebook and name it as "><img src=x onerror=alert(document.cookie);> then go to okcupid.com then i click upload image and i click the facebook icon then viola! an alert box popup containing the cookie information of a user.