awslabs/aws-js-s3-explorer

xss injection

53n4d opened this issue · 2 comments

Hi, how are you?

I want to report an XSS vulnerability in AWS S3 Explorer. The PoC is below:

Click on the settings icon in the top right corner. A popup will open to enter the S3 bucket name.
Type a payload as you can see in this image, and press Enter:

[Screenshot from 2024-03-05 14-31-14]

And you'll get an XSS:
[Screenshot from 2024-03-05 14-31-23]
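The bug class the report describes, as an added illustration that is not the aws-js-s3-explorer code and does not claim to show how the project's page is built: a bucket name taken from the settings popup and concatenated into markup (the kind of string that ends up in `innerHTML`), next to a hardened version that validates the name against S3's naming rules and HTML-encodes whatever is rendered. The function names, the payload and the sample names are constructed for this example.

```javascript
// Added example (not project code): bucket-name input rendered unsafely vs. hardened.

// Constructed payload of the kind typed into the bucket-name popup.
const PAYLOAD = '<img src=x onerror="alert(1)">';

// Vulnerable pattern: untrusted input concatenated straight into markup.
// If this string is assigned to innerHTML, the <img> tag is parsed as live HTML
// and its onerror handler runs.
function renderBucketHeaderUnsafe(bucketName) {
  return '<h2>Bucket: ' + bucketName + '</h2>';
}

// Output encoding: neutralise the five characters that can change HTML context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Input validation as a second layer. S3 bucket names are 3-63 characters of
// lowercase letters, digits, dots and hyphens, begin and end with a letter or
// digit, and contain no adjacent dots. (Other rules, such as "must not look like
// an IP address", are omitted here.) Any payload with < > " ' fails this check
// before it gets anywhere near the DOM.
const BUCKET_NAME_RE = /^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$/;
function isValidBucketName(name) {
  return BUCKET_NAME_RE.test(name) && !name.includes('..');
}

// Hardened pattern: reject anything that is not a bucket name, then encode
// what is rendered anyway. Either layer alone stops this payload; keeping both
// means a future change to the validator does not silently reintroduce the XSS.
function renderBucketHeaderSafe(bucketName) {
  if (!isValidBucketName(bucketName)) {
    throw new Error('invalid bucket name: ' + escapeHtml(bucketName));
  }
  return '<h2>Bucket: ' + escapeHtml(bucketName) + '</h2>';
}

// Demonstration: the unsafe renderer passes the tag through unchanged,
// the safe one refuses the input; a legitimate name renders fine in both.
console.log(renderBucketHeaderUnsafe(PAYLOAD));
console.log(renderBucketHeaderSafe('my-bucket.example'));
try {
  renderBucketHeaderSafe(PAYLOAD);
} catch (e) {
  console.log('rejected: ' + e.message);
}
```

In a real page the equivalent fix is to stop building HTML from the bucket name at all and use `textContent` (or the templating library's escaping output) for anything user-controlled; the validator is worth keeping regardless, since a name that cannot be an S3 bucket has no business being sent to the API either.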

Thanks for the report and a quick way to repro the problem.

Just to inform you, I reported this to https://cveform.mitre.org/ as a CVE request, to inform users about the affected version, because XSS is usually a high or critical vulnerability.

Thank you for your prompt response and quick fix.