Vulnerability Summary
A Reflected XSS vulnerability was identified in a navigation/routing endpoint of a financial institution's web application. The callback GET parameter is reflected unsanitized into a JavaScript context on the client side, allowing arbitrary code execution.
A Reflected XSS vulnerability was identified in a navigation/routing endpoint of a financial institution's web application. The callback GET parameter is reflected unsanitized into a JavaScript context on the client side, allowing arbitrary code execution.
What made this finding particularly interesting is that a WAF was in place, blocking common XSS payloads. The bypass was achieved by combining dynamic code execution (Function()) with location.hash as an out-of-band payload delivery channel, effectively smuggling the malicious code outside the WAF's inspection scope entirely.
hackerone-reportsHackerOne disclosed report --> https://hackerone.com/reports/3594137 by aikido_security
tonysecStored Cross-Site Scripting via SVG File Upload Filter Bypass
No comments yet.
Be the first to share your thoughts
Log in to join the discussion.
Sign In