2 matches found
Razer US: Reflected XSS on domain support.razerzone.com
The researcher hisxo discovered a reflected XSS vulnerability on support.razerzone.com. hisxo also worked with H1 Triage to provide a valid PoC that demonstrated payload delivery using Burp Suite. We appreciate the extra work and look forward to working with the researcher in the future...
Razer US: Reflected XSS on the https://deals.razerzone.com/json/translation endpoint
Thanks to SP1D3RS for the great report and working with the team on this one. This was a trivial POST-XSS, caused by using text/html Content-Type on the JSON endpoint, and ability to control the part of the response using unsanitized input. Why I disclosed it if this is a trivial issue? I pretty...