HackerOne Disclosed Reports - 2025-03-21 - Printable Version
+- Dark C0d3rs (https://darkcoders.wiki)
+-- Forum: Exploit Log (https://darkcoders.wiki/Forum-Exploit-Log)
+--- Forum: Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports)
+--- Thread: HackerOne Disclosed Reports - 2025-03-21 (/Thread-HackerOne-Disclosed-Reports-2025-03-21)

HackerOne disclosed reports - 2025-03-21 - hashXploiter - 03-22-2025

Medium | resolved
Cache Poisoning Allows Zero Interaction Store XSS
Bug reported by Sam Ark was disclosed on March 22, 2025, 12:35 pm | Cross-site Scripting (XSS) - Stored

The vulnerability allowed an attacker to perform a cache poisoning attack, which resulted in a zero-interaction stored cross-site scripting (XSS) vulnerability on the Trendyol website. The attack was achieved by modifying the User-Agent header and adding a malicious parameter to the URL, which was then cached by the server and executed when visited by a victim.