Uber: Reflected XSS on Partners Subdomain
There was a reflected cross site scripting vulnerability at https://partners.uber.com/. By providing a specifically crafted value, it was possible for an attacker to inject malicious content into the partners.uber.com site, which would then be executed when the site is loaded. We enjoyed working...