Friday, November 13, 2015

XSS in Slack (Bug bounty)

I have found a Cross Site Scripting vulnerability in Slack. The XSS lies in the creation of a new post and can be triggered by formatting text as code: type in the payload, then change its formatting to code. The bug has been fixed by the Slack security team. The link to my report can be found here:
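The bug described above is the classic case of a formatting feature that builds HTML from raw user input. The following added example (not Slack's code, and not taken from the report) shows the pattern side by side with its fix: `renderCodeUnsafe` wraps the user's text in `<code>` tags as-is, so any markup the user typed becomes live HTML once the string is inserted with `innerHTML`, while `renderCodeSafe` escapes the text first. The function names and the sample post are assumptions made for illustration.

```javascript
// Added example (not Slack's code): escaping user text before it is rendered
// inside a <code> element.

// Characters that must be escaped before text is placed into an HTML context.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Unsafe pattern: wrapping the raw message text in <code> tags. Any markup the
// user typed is parsed as HTML when this string is assigned to innerHTML.
function renderCodeUnsafe(text) {
  return '<code>' + text + '</code>';
}

// Hardened pattern: escape first, then wrap. The browser displays the user's
// text literally, angle brackets included, instead of interpreting it.
function renderCodeSafe(text) {
  return '<code>' + escapeHtml(text) + '</code>';
}

// Constructed sample input (hypothetical post text containing markup characters).
const samplePost = '<b>not bold</b> & "quotes"';

if (typeof require !== 'undefined' && require.main === module) {
  console.log(renderCodeUnsafe(samplePost)); // markup survives intact
  console.log(renderCodeSafe(samplePost));   // markup is neutralised
}
```

In browser code the simpler route is to avoid building HTML strings at all: create the `<code>` element with `document.createElement` and assign the user's text to its `textContent`, which never parses markup. String escaping as shown above is still needed wherever the app assembles HTML on the server or in a template.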

Image POC:



