Rockstar Games: DOM XSS on https://www.rockstargames.com/GTAOnline/feedback

In this report, the researcher identified a DOM-based Cross-Site Scripting vulnerability in the /GTAOnline/feedback endpoint. As we worked together on resolving this matter, the researcher helped us identify other parts of the GTA Online sub-site that suffered from the same vulnerability due to...

Rockstar Games: Dom based XSS on www.rockstargames.com/GTAOnline/features/freemode

In this report, the researcher identified a DOM-Based XSS vulnerability on www.rockstargames.com/GTAOnline/features/freemode. This type of attack can result in cookie theft, or enable CSRF and phishing attacks. With the researcher's help we were able to identify the cause of the vulnerability and...

Rockstar Games: DOM based XSS on /GTAOnline/de/news/article via "returnUrl" parameter

In this report, the researcher identified a DOM-based cross-site scripting vulnerability affecting localized versions of the GTA Online screenshots site, e.g. https://www.rockstargames.com/GTAOnline/jp/screens/. We have pushed out an update fixing this vulnerability so that it is no longer...

Rockstar Games: DOM BASED XSS ON https://www.rockstargames.com/GTAOnline/features

In this report, the researcher identified a DOM-based Cross-Site Scripting vulnerability under the GTAOnline section of the main site. This could have left to theft of cookies if left unresolved. Interestingly, a core factor in this vulnerability was a regression of a previously identified and...