Full Disclosure mailing list archives
XSS in images.samsung.com
From: David Tapia <tapiadavid44 () gmail com>
Date: Fri, 31 May 2013 01:06:09 +0200
Hi all! Mi name is David Tapia. I would like to disclose an XSS vulnerability in images.samsung.com. I tried to warn them two months ago using their bug bounty program, but they answered me saying that it is only available for their Smart TVs . I totally agree with them but they could have fixed it since this happened almost 3 months ago. The same vulnerability could be exploited in a domain of Adobe Scene 7, but they already have fixed it (without giving me any Security Acknowledgment). Here is the proof of concept: http://images.samsung.com/s7ondemand/brochure/flash_brochure.jsp?company=samsung&sku=&config=233%22;alert%28'XSS'%29;//&zoomwidth = Best Regards, David Tapia
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- XSS in images.samsung.com David Tapia (May 31)