Ubiquiti Inc.: Reflected cross-site scripting (XSS) vulnerability in scores.ubnt.com allows attackers to inject arbitrary web script via p parameter.

Dear Ubiquiti Networks bug bounty team, Short Description --- scores.ubnt.com is still vulnerable to reflected XSS, a form of client-side code injection wherein one can execute malicious scripts into a page. The fix to https://hackerone.com/reports/158484 does not suffice for some browsers mainly...

Ubiquiti Inc.: [scores.ubnt.com] DOM based XSS at form.html

Hello, I would like to report that the 130889 bug hasn't been fixed completely. The removeTags function has been added, however an attacker is still able to inject Javascript as parameter values without any HTML tags:...

Ubiquiti Inc.: Reflected XSS in scores.ubnt.com

Parameter p in https://scores.ubnt.com/form.html?uid=1&p=airFiber is vulnerable to XSS. If a user logs in at https://account.ubnt.com/login and visits https://scores.ubnt.com/form.html?uid=1&p=airFiber"alertdocument.cookie;, a message box will be presented with his cookie. Attached is a POC...