Stored XSS In Red Hat® Subdomain

What is Stored XSS?

The Subdomain:

<img src=xyz
<img src=x onerror=alert('TEST')>

The Sweet XSS:

  1. I searched for the question “How to use <script>”
  2. The search results fetch blog posts from various sites matching that query.
  3. Because the content shown in the results is neither filtered nor HTML-encoded, the script embedded in the body of a matching blog post executes in the browser of whoever views the results.

Mitigation:
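The fix for this class of bug is output encoding at the point where untrusted blog content is inserted into the results page. The example below is added here and is not code from the original post or from Red Hat; the result objects, `example.test` URL and the snippet carrying the write-up's payload are constructed for illustration.

```javascript
// Added example: an unsafe search-result renderer next to a hardened one.
// Encode the five characters that can change HTML context.
const escapeHtml = (s) =>
  String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);

// Vulnerable renderer: blog content is concatenated straight into markup,
// so a tag stored in a post body becomes live markup in the results page.
function renderResultsUnsafe(results) {
  return results
    .map((r) => `<li><a href="${r.url}">${r.title}</a><p>${r.snippet}</p></li>`)
    .join('');
}

// Only allow http(s) links in the result anchor; anything else is neutralised.
function safeHref(url) {
  try {
    const u = new URL(url);
    return u.protocol === 'http:' || u.protocol === 'https:' ? u.href : '#';
  } catch {
    return '#';
  }
}

// Hardened renderer: every untrusted field is HTML-encoded before insertion.
function renderResultsSafe(results) {
  return results
    .map((r) =>
      `<li><a href="${escapeHtml(safeHref(r.url))}">${escapeHtml(r.title)}</a>` +
      `<p>${escapeHtml(r.snippet)}</p></li>`)
    .join('');
}

// Heuristic check for rendered output: a script-capable tag, or an on* event
// handler inside a tag, means untrusted content reached HTML context.
function containsActiveMarkup(html) {
  return /<\s*(script|img|svg|iframe)\b/i.test(html) || /<[^>]*\son\w+\s*=/i.test(html);
}

// Constructed sample: one blog post whose body holds the payload from the write-up.
const sampleResults = [{
  url: 'https://example.test/post/1',
  title: 'How to use <script> in a blog',
  snippet: "<img src=x onerror=alert('TEST')>",
}];

console.log(renderResultsUnsafe(sampleResults)); // payload is live markup
console.log(renderResultsSafe(sampleResults));   // payload is inert text
```

The same encoding must be applied server-side if the results page is assembled there; an unencoded stored payload will fire for every user who searches for it, not only the author.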
