HTML injection in the broadcast chat

Summary by the hacker
XSS was added in the comments via
 "><iframe href=жаваскрипт:алерт()>
Hello, I found that the broadcast chat at https://vk.com/video/ does not filter HTML tags, and it is possible to load iframes, forms, etc.

Reward: ₽65,000
VKontakte
VK
Report No.: 4412
Created: February 16, 2024, 15:59
Disclosed: July 16, 13:32
Status: Fixed
Type: Vulnerability
Severity: High
Author: AlexShev
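
The missing filtering described in the report, shown as an added example that is not part of the original report and is not VK's code: a chat renderer that concatenates user text into markup, next to one that HTML-encodes it for both element and attribute contexts. The function names, markup and sample input are assumptions constructed for illustration.

```javascript
// Added example: names and markup are hypothetical, not VK's implementation.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can end a text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable shape: user-controlled strings are concatenated into markup as-is.
function renderChatMessageUnsafe(author, text) {
  return `<div class="chat-msg" data-author="${author}"><span>${text}</span></div>`;
}

// Hardened shape: the attribute value and the element body are both encoded.
function renderChatMessage(author, text) {
  return `<div class="chat-msg" data-author="${escapeHtml(author)}">` +
         `<span>${escapeHtml(text)}</span></div>`;
}

// Rough count of element start tags in a markup string (demo check only,
// not a substitute for a real HTML parser).
function countOpenTags(markup) {
  return (markup.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample input: closes a quoted attribute, then adds inert tags.
const SAMPLE = '"><iframe></iframe><form></form>';

// Compare tag counts when the sample arrives as message text or as author name.
function compareRenderers() {
  return {
    unsafeText: countOpenTags(renderChatMessageUnsafe('guest', SAMPLE)),
    safeText: countOpenTags(renderChatMessage('guest', SAMPLE)),
    unsafeAttr: countOpenTags(renderChatMessageUnsafe(SAMPLE, 'hi')),
    safeAttr: countOpenTags(renderChatMessage(SAMPLE, 'hi')),
  };
}

console.log(compareRenderers());
console.log(renderChatMessage('guest', SAMPLE));
```

The hardened renderer emits only the two tags the template itself defines (`div` and `span`), whichever field carries the input.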

Comments
By AlexShev, February 16, 2024
By MrYadro, February 16, 2024
By MrYadro, February 16, 2024
By AlexShev, February 16, 2024
By hack, February 26, 2024
By AlexShev, March 3, 2024
By wellenc_lex_vk, March 20, 2024
By AlexShev, August 2, 2024
By MrYadro, August 2, 2024