Automattic: [intensedebate.com] XSS Reflected POST-Based on update/tumblr2/{$id}

Summary: Hello, I have found an XSS Reflected POST-Based on https://www.intensedebate.com/update/tumblr2/$id. The parameter $POST'txtCode' is reflected and is not sanitized. To trigger the XSS an attacker need to create a site and invite the victim in their own site and give then full permissions...

Automattic: [intensedebate.com] XSS Reflected POST-Based

Summary: Hello, i have found a XSS Reflected POST-Based in https://www.intensedebate.com/ajax.php. Vulnerables URL : POST /https://www.intensedebate.com/ajax.php Vulnerables Parameters: $POST'txt'; Payload azertyuiop Steps to reproduce 1. Open the xss.html and will you see a javascript pop-up You...