[Vulnerability Report] Persistent XSS at Jotform

Persistent XSS @ Developers section

Vulnerable Service: https://developers.jotform.com

Description: The service mentioned above is vulnerable to Persistent XSS, due to which an attacker is able to steal user cookies which may lead to account hijacking.

Demo XSS thread:
- Click on "For Testing Purposes" to see the alert message.

Payload: javascript:alert('I_Am_Vulnerable_To_XSS');

Steps of Reproduction:
-Create a new thread & in thread editor click "Add hyperlink" button.
-Now instead of URL, paste payload there.
-"http://" will be automatically added to the payload, you need to remove that.

Proof of Concept:


Amit Sangra

Author & Editor

Amit is a Security Engineer acknowledged by Google, Apple, Microsoft, eBay, Intel and other top companies for reporting security issues in their web services.


Post a Comment