Date: 1/22/2019
Description:
The Bartels Giant Burger app is vulnerable to a self-directed cross-site scripting (XSS) issue. It occurs after the user enters a term such as "<plaintext>" into the location search box, and the term is rendered into the results view without being escaped.
I would assume that a number of other XSS errors can be triggered in this box.
This is easier to show than it is to describe, so please see the attached video:
.@BartelsGiant There is a minor #XSS error with your iOS app #XSS #XSSiOSapp pic.twitter.com/R4apHmD386 — iPad Mini Bugs (@iPad_App_Bugs) January 22, 2019
Steps to Reproduce:
1. Download the Bartels Giant Burger app
2. Launch the app
3. Select "Locations" from the sidebar
4. From the "Find Your Store" screen, click inside the "Zip or City, State" input box
5. Enter "<plaintext>" and run a search
Result: A search of "<plaintext>" in the "Find Your Store" location box of the Bartels Giant Burger app results in an XSS error
Expected: A search of "<plaintext>" in the "Find Your Store" location box in the Bartels Giant Burger app should not result in an XSS error
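The fix on the app side is output encoding of the search term wherever it is echoed into markup. The following is an added illustration, not the app's own code (which is not public); it assumes the results screen is an HTML view built by string concatenation of the user's query.

```javascript
// Added example: escaping a user-supplied search term before it is echoed
// into HTML. Assumption (not taken from the report): the app renders the
// "Find Your Store" results in a web view by concatenating the query into
// markup.

// Minimal HTML entity escaping for text content.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the raw query lands in the markup. A term such as
// "<plaintext>" is parsed as a tag, and the browser switches the rest of
// the page into raw-text mode, which is the "XSS error" the report shows.
function renderResultsUnsafe(query, stores) {
  const items = stores.map((s) => `<li>${s}</li>`).join("");
  return `<p>Results for ${query}</p><ul>${items}</ul>`;
}

// Hardened version: every untrusted value is escaped on its way into text
// content, so the same term is displayed literally and parsed as no tag.
function renderResultsSafe(query, stores) {
  const items = stores.map((s) => `<li>${escapeHtml(s)}</li>`).join("");
  return `<p>Results for ${escapeHtml(query)}</p><ul>${items}</ul>`;
}

// Regression check: the literal user-controlled tag must not survive in
// the rendered markup. Returns true when the output is clean.
function echoIsEscaped(query, stores) {
  return !renderResultsSafe(query, stores).includes(query);
}
```

The same rule applies to the store names returned by the back end: anything that did not originate in the app's own code is escaped at the point of insertion.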