Reflected-XSS Vulnerability in Change.org

Sponsored Links
A Security Researcher Adwiteeya Agrawal has discovered Non-persistent Cross site scripting(XSS) Security flaw in the Change.org.

Change.org is the web's leading platform for social change, empowering anyone, anywhere to start petitions that make a difference.


The vulnerability has been discovered in the Simple Search Form used in the website. The developer fails to validate the search keyword given by the user.

POC:
 https://www.change.org/search?utf8=✓&q=<script>alert("XSS By Adwiteeya Agrawal")</script>

Category: / / /

Share this with Your friends: