Samsung Cross Site Scripting

2013-06-01T00:00:00
ID PACKETSTORM:121830
Type packetstorm
Reporter David Tapia
Modified 2013-06-01T00:00:00

Description

                                        
                                            `Hi all!  
  
Mi name is David Tapia. I would like to disclose an XSS vulnerability in  
images.samsung.com. I tried to warn them two months ago using their bug  
bounty program, but they answered me saying that it is only available for  
their Smart TVs . I totally agree with them but they could have fixed it  
since this happened almost 3 months ago.  
  
The same vulnerability could be exploited in a domain of Adobe Scene 7, but  
they already have fixed it (without giving me any Security Acknowledgment).  
  
Here is the proof of concept:  
  
http://images.samsung.com/s7ondemand/brochure/flash_brochure.jsp?company=samsung&sku=&config=233%22;alert%28'XSS'%29;//&zoomwidth  
=  
  
Best Regards,  
  
David Tapia  
`