4 matches found
Automattic: DOM-Based XSS in tumblr.com
Description Hi, i would like to report DOM-Based XSS that it's exactly like this one 882546, this one work just because the page /reblog/ID/OTHERID doesn't have a correct CSP rule. Steps to reproduce 1. go to https://www.tumblr.com/reblog/620008931446652928/JBuEvzz5 2. click in click me 3. click ...
Automattic: [tumblr.com] 69< Firefox Only XSS Reflected
Description : Hello, i have found a XSS Reflected in https://www.tumblr.com/abuse/start?prefill= But the XSS only works in versions of firefox that are below 70. Because its been blocked by CSP, but the version below 69 of firefox is vulnerable. Here's a great article about this subject...
Automattic: DOM-Based XSS in tumblr.com
Description Hi, i just found a XSS that i think it's a valid issue and i think it is in scope this time. To get the XSS the attacker needs to create a post in tumblr.com using...
Tumblr.com Cross Site Scripting
================================================================================================== $$$$$$$\ $$\ $$\ $$\ $$$$$$\ $$ $$\ | $$ | $$ | $$ $$\ $$ | $$ |$$\ $$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$\ $$ | $$ / $$ | $$$$$$$\ |$$ |$$ |$$ $$\ $$ $$\ $$ $$\ $$ $$\ $$ $$\ $$ |...