Reflected XSS in (

My first valid XSS bug submission to Nokia was a textbook example of a reflected Cross-Site Scripting vulnerability.

It was enough to abuse the „Search” box with the payload below, albeit it worked only in Internet Explorer browser:


After visiting the following URL, the JavaScript code was executed:</script><script/%00%00v%00%00>alert('')</script>


[November 30th 2013] - bug was reported
[January 3rd 2014] - bug was fixed

Dodaj komentarz

Twój adres email nie zostanie opublikowany. Pola, których wypełnienie jest wymagane, są oznaczone symbolem *