Vulnerability : Cross-Site Scripting (XSS) - Reflected
Sub-domain : https://www2.projects.science.uu.nl
Vulnerable URL : https://www2.projects.science.uu.nl/VRsenaatszaal/index_old.php?image=images/hall_vr_06.jpg&is_stereo=true
Vulnerable Parameter : image
XSS Payload : %22%3E%3Cdetails%20open%20ontoggle=confirm(/XSS_By_Nayanjyoti_Roy/)%3E
Timeline :
Feb 19, 2021 - Report Sent
Feb 19, 2021 - Confirmation Received
Feb 26, 2021 - Vulnerability Fixed
March 02, 2021 - Listed on their Hall-Of-Fame page
Environment :
OS : Windows 10 Pro
Browser : Firefox
Version : 85.0.2 (64-bit)
Researcher Name : Nayanjyoti Roy
Proof-Of-Concept video :
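
The payload's leading %22%3E decodes to `">`, which closes a double-quoted HTML attribute before the injected `<details>` element is parsed. The PHP below is an added example, not code from the site or from this report: it shows that reflection pattern next to an allow-listed, output-encoded version. It assumes the image parameter was echoed into an `<img src="...">` attribute (the report does not show the server code), and all function names are hypothetical.

```php
<?php
// Added example. How index_old.php really used "image" is not shown in the
// report; reflection into a double-quoted attribute is an assumption.

// Vulnerable pattern (assumed): the raw parameter lands inside src="...".
function render_vulnerable(string $image): string
{
    return '<img src="' . $image . '">';
}

// Output encoding for the attribute context: " becomes &quot;, < and >
// become &lt; and &gt;, so the value can no longer close the attribute.
function render_encoded(string $image): string
{
    $safe = htmlspecialchars($image, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<img src="' . $safe . '">';
}

// Hardened: accept only a relative path under images/ with an image
// extension (hypothetical allow-list), then encode on output as well.
function render_hardened(string $image): ?string
{
    if (!preg_match('#\Aimages/[A-Za-z0-9_-]+\.(?:jpe?g|png)\z#', $image)) {
        return null; // caller should answer 400 or fall back to a default
    }
    return render_encoded($image);
}

// Payload from the report, percent-decoded.
$payload = rawurldecode('%22%3E%3Cdetails%20open%20ontoggle=confirm(/XSS_By_Nayanjyoti_Roy/)%3E');

$cases = [
    'legitimate' => 'images/hall_vr_06.jpg', // value from the reported URL
    'payload'    => $payload,
];

foreach ($cases as $label => $value) {
    echo "[$label]\n";
    echo '  vulnerable: ', render_vulnerable($value), "\n";
    echo '  encoded:    ', render_encoded($value), "\n";
    echo '  hardened:   ', render_hardened($value) ?? '(rejected)', "\n";
}
```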