OLX: XSS in OLX.pl ("title" in new advertisement)

Hello, I found XSS vulnerability in "new advertisement" in OLX.pl Step to reproduce: 1. Go to https://www.olx.pl/nowe-ogloszenie/ 2. Put this payload "" in "add-title" element 3. Complete all data in this form and click Next 4. On the next page we can see executed XSS Regards, 4rch...

olx.pl XSS vulnerability

Vulnerable URL: http://olx.pl/nowe-ogloszenie/ Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 489 VIP website status:| Yes Check olx.pl SSL connection:| Grade: A Coordinated Disclosure Timeline: Description| Val...

OLX: stored XSS in olx.pl - ogloszenie TITLE element - moderator acc can be hacked

Hello, The OLX.PL is vulnerable to stored XSS attack. When adding new advertisement, it is possible to put a payload in its title here I used Titlealert1 I see ads are being pre-moderated, however it can remain uncaught also the length limit in title field is enough to insert into it e.g. a BeEF...

OLX.pl - ogłoszenia lokalne - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application OLX.pl - ogłoszenia lokalne published at the 'play' market has multiple vulnerabilities...