Saturday, October 10, 2015

XSS in Pinterest Developers (Bug Bounty)

I recently found an XSS in the Pinterest developer website. It only took 2 days for Pinterest to fix it. At first glance, Pinterest told me that it is self-XSS, but I sent further info and realized it is a reflected XSS and that it is eligible for a bounty.

Steps to reproduce: 

1. Go to
2. Then go to widget builder
3. In the custom image enter the payload
4. XSS pop-up




