Slickdeals: Save with Coupons app for iOS (version 5.14.1)
Date: 03/24/20
Description:
The Slickdeals: Save with Coupons app (version 5.14.1) for iOS has a minor XSS problem.
The app has "Request Username" option. If the user enters in the standard XSS term of "<plaintext>"..
Steps to Reproduce:
1. Download and launch the Slickdeals: Save with Coupons app for iOS
2. Select profile
3. Sign Up with either a Google or Facebook account
4. Select "Edit Username" from the pop-up
5. From the "Change Username" screen, enter in <plaintext>
6. Click on "Request Username"
7. Note "</p></div><footer><button class =" appears
8. Start looking for other XSS problems
Result: Entering in the standard XSS test term of "<plaintext>" in the "Request Username" area of the app results in an error indicative of an XSS failure
Expected: The Slickdeals app should handled the entry of "<plaintext>" gracefully - shouldn't display an error message that would encourage additional searches for XSS problems
No comments:
Post a Comment