braga-retailcenter.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1005468 Security Researcher Gh05tPT Helped patch 6901 vulnerabilities Received 10 Coordinated Disclosure badges Received 48 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting braga-retailcenter.com...

OLX: XSS - main page - search[user_id] parameter

Hi, how you doing? This is a pretty straight foward XSS in the main page. Affected parameter: searchuserid Direct Link: https://www.olx.pt/braga/?searchuserid=1zqjeu'":/1zqjeu;9, ;prompt9;&view=galleryWide Tested in updated firefox. Impact XSS allows a intruder to inject html and client side...