
Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org

Steps to reproduce:

1. Create a Polymer element and publish it to GitHub
2. Set the repo homepage URL to: javascript:alert(document.domain)
3. Publish it via https://www.webcomponents.org/publish
4. Go to the element’s webcomponents.org page and click the homepage link

What can you do with this XSS: It’s possible if the user has authenticated …