www.goldenline.pl Stored XSS

Website:

https://www.goldenline.pl/profil - in user’s profile edition

Description:

Vulnerability occurs in field with class=”user-headline title”, where input wasn’t sanitized, which could lead to exploitation:

Colorized style of input payload

Which looks quite innocent in profile view:

Colorized input in profile view

…and really interesting during listing all possible candidates bsy HR departments:

Colorized input in search view

Another vulnerability occurs in input with id=”user_personal_info_website1desc”, where input also wasn’t sanitized, which could lead to exploitation:

1
alert('Polecamy');

Working alert while watching candidates profile

Timeline:

- 28-02-2016: Discovered
- 29-02-2016: Vendor notified
- 29-02-2016: Issues resolved

Thanks from vendor:

Thanks from vendor