Starbucks: DOM-based XSS in store.starbucks.co.uk on IE 11
We've found DOM XSS on store.starbucks.co.uk and other related domains such as store.starbucks.fr and store.starbucks.ca. It appears to be a JQuery based DOM XSS in the parseHTML sink. In order to trigger the XSS you need to use IE11 and the PoC will visit the url first, wait 5 seconds and then...