Hey Sec Team,
I have found Reflected XSS (Cross-Site Scripting) in one of your domains, https://academy.synchrobit.io/, which can be used to manipulate users or steal users' cookies. This vulnerability has also been assigned a CVE, CVE-2021-24746: The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is the default setting), leading to a Reflected Cross-Site Scripting issue.
Vulnerable URL: https://academy.synchrobit.io/get-an-unlimited-amount-of-shiba-inu-for-free-on-synchrobit-hybird-exchange/?a"><script>alert(document.domain)</script>
An image is attached as PoC.
--
Best
Divya Singh
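
The CVE text quoted in the report above describes a post URL echoed into an `onclick` attribute without escaping. As an added example (not the plugin's code and not part of the original report), this plain-PHP snippet puts that pattern beside a version that escapes once per nested context; the function names, `blog.example.test` and `share.example` are hypothetical.

```php
<?php
// Added illustration; not the plugin's code. All names and hosts are hypothetical.

// Rebuild the "viewed post URL" from request data, as a share widget might.
function current_url(string $host, string $requestUri): string {
    return 'https://' . $host . $requestUri;
}

// Unescaped: the URL is concatenated into a JS string inside an HTML attribute.
// A double quote in the URL ends the attribute; "<" and ">" then start new markup.
function share_link_unescaped(string $url): string {
    return '<a href="#" onclick="window.open(\'https://share.example/?u='
        . $url . '\')">More</a>';
}

// Hardened: escape for each context the value passes through, innermost first.
function share_link_escaped(string $url): string {
    // 1. URL context: the page URL is a query-parameter value.
    $target = 'https://share.example/?u=' . rawurlencode($url);
    // 2. JavaScript context: emit a JS string literal. The HEX flags turn
    //    <, >, &, ' and " inside the value into \uXXXX escapes.
    $js = json_encode(
        $target,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_SLASHES
    );
    // 3. HTML attribute context: the literal's own surrounding quotes become &quot;.
    $attr = htmlspecialchars('window.open(' . $js . ')', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="#" onclick="' . $attr . '">More</a>';
}

// Constructed sample request, using the query string shape from the report.
$url = current_url('blog.example.test', '/some-post/?a"><script>alert(document.domain)</script>');

$before = share_link_unescaped($url);
$after  = share_link_escaped($url);

echo "unescaped: ", $before, "\n";
echo "escaped:   ", $after, "\n";

// Check that the reflected value stays inside the attribute: the only raw
// double quotes left are the two that delimit href and the two around onclick.
printf("raw <script> tag present: before=%s after=%s\n",
    var_export(strpos($before, '<script>') !== false, true),
    var_export(strpos($after, '<script>') !== false, true));
printf("double quotes in markup: before=%d after=%d\n",
    substr_count($before, '"'), substr_count($after, '"'));
```

In WordPress code the same layering is normally done with the core helpers `esc_url()`, `esc_js()` and `esc_attr()`; for this CVE the report's stated fix boundary is plugin version 3.3.40.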