[Vulnerability Report] Non-Persistent XSS on Beats By Dre

---------Following is the email which I had sent to Apple Product Security----------

Vulnerability type: Non-Persistent XSS

Affected URL: https://tempo.api.beatsbydre.com/v1/login/?return=%22%3E%3C/form%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

Attack Scenario: An attacker is able to trick an authenticated user into visiting a malicious URL,
which is capable of stealing the user's session and taking over his Apple account.

Best Regards
 Amit Kumar
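
The following is an added example, not part of the original email and not the affected site's code. It assumes, from the shape of the reported value (`">` followed by `</form>`), that the `return` parameter was written unescaped into a quoted attribute inside the login form; the markup and the function names are hypothetical. It shows that pattern next to a version that validates the redirect target and encodes it for the attribute.

```javascript
// Added example: markup and function names are hypothetical.

// Encode the characters that can end a quoted attribute or open a tag.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Accept only same-site relative paths as a post-login redirect target.
function safeReturnPath(value, fallback = "/") {
  if (typeof value !== "string") return fallback;
  // One leading "/" only: "//host" and "/\host" are treated as off-site.
  if (!/^\/(?![\/\\])/.test(value)) return fallback;
  // Reject control characters.
  if (/[\x00-\x1f\x7f]/.test(value)) return fallback;
  return value;
}

// Vulnerable pattern: the query value is concatenated into the attribute.
function renderLoginFormUnsafe(returnParam) {
  return '<form method="post" action="/v1/login/">' +
    '<input type="hidden" name="return" value="' + returnParam + '">' +
    '</form>';
}

// Hardened pattern: validate first, then encode for the attribute context.
function renderLoginFormSafe(returnParam) {
  const target = safeReturnPath(returnParam);
  return '<form method="post" action="/v1/login/">' +
    '<input type="hidden" name="return" value="' + escapeHtml(target) + '">' +
    '</form>';
}

// The `return` value from the URL in the report, URL-decoded.
const reported = decodeURIComponent(
  "%22%3E%3C/form%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E");

console.log(renderLoginFormUnsafe(reported)); // attribute and form are closed early
console.log(renderLoginFormSafe(reported));   // falls back to value="/"
```

Marking the session cookie `HttpOnly` additionally keeps it out of `document.cookie`, which limits what a reflected script can read.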


Amit Sangra

Author & Editor

Amit is a Security Engineer acknowledged by Google, Apple, Microsoft, eBay, Intel and other top companies for reporting security issues in their web services.

