Reflected Cross Site Scripting (XSS) on https://gamemaker.io/account/dashboard

Disclosed by
abitsec
  • Engagement: Opera Public Bug Bounty
  • Disclosed date: over 2 years ago
  • Points: 10
  • Priority: P3 (Bugcrowd's VRT priority rating)
  • Status: Resolved (this vulnerability has been accepted and fixed)
Summary by Opera Public Bug Bounty

An XSS was found involving two GET parameters which would be reflected into the page, allowing for JavaScript to be run.

Summary by abitsec

A Reflected Cross-Site Scripting (XSS) vulnerability was found affecting multiple https://gamemaker.io endpoints via the error and notice URL parameters.

Activity
  1. Joshua (Customer) published the disclosure report
  2. abitsec sent a message
  3. abitsec requested disclosure
  4. Joshua (Customer) rewarded abitsec
  5. abitsec sent a message
  6. FlyEye (Customer) sent a message
  7. FlyEye (Customer) changed the state to Resolved
  8. Joshua (Customer) changed the state to Unresolved
  9. Joshua (Customer) rewarded abitsec 10 points
  10. abitsec sent a message
  11. abitsec created the submission