Multiple XSS in

Simple reflected XSS bug in Avans’ search box:"/><script>alert('XSS')</script>

Another set of unfiltered input fields was in:

which is a Step 3/4 after adding a product to the cart. Filling those fields with a standard value of:


redirects to the:

which pops an alert box.

Bonus: It was possible to create an account without a password.

Bugs’ lifespans were short, because of a quick reaction. Good job.

Leave a Reply

Your email address will not be published. Required fields are marked *