Stored XSS Led to OAuth App Credential Theft and Info Disclosure
Summary
A stored cross-site scripting (XSS) vulnerability was discovered by Ehtesham while conducting a bug bounty hunt on target.com.
The vulnerability allowed an attacker to steal organisation details and OAuth application credentials.
This was possible because an organisation name field accepted and stored unsanitized user input.
This data was then rendered on a public-facing storefront page, allowing malicious JavaScript code to execute in the browser of any user who visited the page.
The vulnerability has been disclosed responsibly and it is hoped the issue has been resolved.
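The pattern described above, an organisation name stored as-is and then written into a public page, is shown here next to its hardened form. This is an added example, not code from the affected site: the function names, the `store-title` template and the allowlist policy are assumptions made for illustration.

```javascript
// Added example: every name and the template below are hypothetical.

// Constructed sample input: an organisation name carrying markup.
const SAMPLE_ORG_NAME = 'Acme <script>/* constructed */</script> & "Co"';

// Before: the stored value is interpolated into the storefront page unchanged,
// so any markup in the name becomes part of the document.
function renderStorefrontVulnerable(orgName) {
  return `<h1 class="store-title">${orgName}</h1>`;
}

// The five characters that can change HTML parsing context.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Single-pass replacement, so already-produced entities are not re-encoded.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// After: encode at output time, regardless of what is already in storage.
function renderStorefrontSafe(orgName) {
  return `<h1 class="store-title">${escapeHtml(orgName)}</h1>`;
}

// Defence in depth at write time: letters, digits, spaces and a small set of
// punctuation, 1 to 100 characters. Assumed policy; adapt to real naming rules.
function isValidOrgName(orgName) {
  return typeof orgName === 'string' &&
    /^[\p{L}\p{N} .,&'-]{1,100}$/u.test(orgName);
}

console.log('vulnerable:', renderStorefrontVulnerable(SAMPLE_ORG_NAME));
console.log('hardened:  ', renderStorefrontSafe(SAMPLE_ORG_NAME));
console.log('accepted on write:', isValidOrgName(SAMPLE_ORG_NAME));
```

Output encoding is the control that protects visitors even when a bad value is already stored; the write-time check only reduces what reaches storage.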