Reflected XSS via HTML Injection - 2

Disclosed by

Engagement Undisclosed
Disclosed date 9 Sep 2022 over 2 years ago
Priority P3 Bugcrowd's VRT priority rating
Status Resolved This vulnerability has been accepted and fixed

Summary by Poc-as

Summary

I found a cross site scripting on https://fr.shopping.rakuten.com/connect

POC

url : https://fr.shopping.rakuten.com/connect?clubsubscription="><iframe%20src="data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMSk%2b"></iframe>

Explanation

When I connect to the above URL, the value of the url parameter is inserted into the DOM without escaping, resulting in HTML Injection. So I can use this to be trigger XSS because HTML Injection happens. Thanks

Activity

Akitsugu_Ito Customer published the disclosure report
3 years ago(09 Sep 2022 01:05:37 UTC)
Akitsugu_Ito Customer changed the state to Resolved
3 years ago(08 Feb 2022 06:11:44 UTC)
Poc-as sent a message
3 years ago(30 Oct 2021 10:28:34 UTC)
Poc-as requested disclosure
4 years ago(04 Oct 2021 11:25:57 UTC)
Akitsugu_Ito Customer changed the state to Unresolved
4 years ago(04 Oct 2021 05:40:44 UTC)
Tal_Bugcrowd changed the state to Triaged
4 years ago(03 Oct 2021 14:18:40 UTC)
Tal_Bugcrowd sent a message
4 years ago(03 Oct 2021 14:18:39 UTC)
Poc-as created the submission
4 years ago(30 Sep 2021 19:27:36 UTC)