Dark C0d3rs

Full Version: HackerOne Disclosed Reports - 2025-03-21
Severity: Medium | Status: resolved

Cache Poisoning Allows Zero Interaction Store XSS


Bug reported by Sam Ark, disclosed on March 22, 2025, 12:35 pm | Cross-site Scripting (XSS) - Stored

The vulnerability allowed an attacker to perform a cache poisoning attack, which resulted in a zero-interaction stored cross-site scripting (XSS) vulnerability on the Trendyol website. The attacker modified the User-Agent header and added a malicious parameter to the URL; this was then cached by the server and executed when a victim visited the page.
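The defensive point behind this report, as an added example that is not taken from the report or from Trendyol's code: a toy cache keyed on the path alone is compared with one that forwards only allow-listed inputs, keys on everything it forwards, and sits in front of an origin that escapes its output. The summary does not say which inputs were part of the cache key, so the sketch assumes the parameter and the User-Agent were reflected but unkeyed; `/home`, `ref`, `KEYED_PARAMS` and the marker string are hypothetical.

```python
import html
from urllib.parse import urlsplit, parse_qsl, urlencode

KEYED_PARAMS = {"q", "page"}          # assumed allow-list of parameters the page uses
MARK = "<b>CONSTRUCTED-MARKER</b>"    # harmless constructed stand-in for injected markup

def origin(url, headers, esc=str):
    """Toy origin: reflects query values and the User-Agent into the page."""
    values = " ".join(v for _, v in parse_qsl(urlsplit(url).query))
    return f"<body data-ua='{esc(headers.get('User-Agent', ''))}'>{esc(values)}</body>"

def origin_escaped(url, headers):
    """Same page with every reflected value HTML-escaped."""
    return origin(url, headers, esc=html.escape)

def weak_key(url, headers):
    """Weak: path only, so the query string and User-Agent are unkeyed."""
    return urlsplit(url).path

def normalize(url, headers):
    """Forward only allow-listed parameters and a coarse User-Agent class."""
    parts = urlsplit(url)
    kept = sorted((k, v) for k, v in parse_qsl(parts.query) if k in KEYED_PARAMS)
    ua = "mobile" if "mobi" in headers.get("User-Agent", "").lower() else "desktop"
    return f"{parts.path}?{urlencode(kept)}", {"User-Agent": ua}

def strong_key(url, headers):
    """Hardened: everything the origin can see is part of the key."""
    return (url, headers["User-Agent"])

class Cache:
    def __init__(self, origin_fn, key_fn, normalizer=None):
        self.origin_fn, self.key_fn, self.normalizer = origin_fn, key_fn, normalizer
        self.store = {}

    def get(self, url, headers):
        if self.normalizer:
            url, headers = self.normalizer(url, headers)
        key = self.key_fn(url, headers)
        if key not in self.store:          # miss: fetch once, then serve to everyone
            self.store[key] = self.origin_fn(url, headers)
        return self.store[key]

def second_visitor_sees_marker(cache):
    """One request carries the marker; does a later clean request receive it?"""
    cache.get("/home?ref=" + MARK, {"User-Agent": "probe " + MARK})
    return MARK in cache.get("/home", {"User-Agent": "Mozilla/5.0"})

if __name__ == "__main__":
    print("weak:", second_visitor_sees_marker(Cache(origin, weak_key)))
    print("hardened:", second_visitor_sees_marker(Cache(origin_escaped, strong_key, normalize)))
```

Normalizing the cache key and escaping reflected output are independent controls: the first stops one visitor's input from reaching another visitor's response, the second keeps an allow-listed value such as `q` from being interpreted as markup.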