Uber: Reflected XSS in https://eng.uberinternal.com and https://coeshift.corp.uber.internal/

The base parameter of /oidauth/prompt on multiple uberinternal.com subdomains was not sanitized before being reflected into the page body, making it vulnerable to reflected XSS. Additionally, these pages were affected by a clickjacking vulnerability that made exploitation easier, since a click wa...

Uber: Reflected XSS on multiple uberinternal.com domains

The base parameter of /oidauth/prompt on multiple uberinternal.com subdomains was not sanitized before being reflected into the page body, making it vulnerable to reflected XSS. Additionally, these pages were affected by a clickjacking vulnerability that made exploitation easier, since a click wa...