Details:
In some fantasy world, the home page of lotus123 H1B is vulnerable to an imaginary Cross-Site Scripting attack.
1. Visit the home page of lotus123 H1B
2. Open the browser's JavaScript console
3. Type alert(/xss!/) and press enter
4. Profit!
Impact
In our fantasy world, exploiting this vulnerability allows us to run an external script on your website that, for example, steals the cookies of the users who are facing the XSS, thus gaining access to the account of the victim.
Link: https://hackerone.com/reports/1717171
Date: 2022-09-29 19:40:19 UTC
By: demo-hacker
Weakness: Absolute Path Traversal
Details:
In some fantasy world, the home page of lotus123 H1B is vulnerable to an imaginary Cross-Site Scripting attack.
alert(/xss!/) and press enter
Impact
In our fantasy world, exploiting this vulnerability allows us to run an external script on your website that, for example, steals the cookies of the users who are facing the XSS, thus gaining access to the account of the victim.