Bug #2195: XSS in API - /app/payment/create_direct_payment - bug_infosecbridge - ftcash

Bug #2195

XSS in API - /app/payment/create_direct_payment

Added by arvind singh almost 2 years ago.

Status:

New

Priority:

High

Assignee:

vrushali Dutta

Start date:

11/27/2023

Due date:

% Done:

Estimated time:

Description

XSS payload accepted in amount field

POST /app/payment/create_direct_payment HTTP/2
Host: www.ftcash.com
Cookie: _ga=GA1.2.1646646439.1699877061; _gid=GA1.2.1722653074.1699877061; _gat=1; _ga_V9XQYRHY04=GS1.2.1699877061.1.0.1699877061.60.0.0; ci_session_id=q30kkj6h0e56937ue94lekrh0j

user_id=629249+&message=7905427008+1Clickhere&email=brijeshsinghcs0013%40gmail.com&user_name=Brij

Also available in: Atom PDF

Project

General

Profile

bug_infosecbridge

Issues

Bug #2195

XSS in API - /app/payment/create_direct_payment