Hi everyone !
I found an Stored XSS vulnerability on the site of a very famous media in a European country (Top 3 of the country).
The JWT-Token that identifies the login session is not secure and may recover through Javascript code.
This means that the vulnerability allows you to steal a user/administrator’s cookies and take control of their account.
Do you think it is possible to sell the vulnerability itself? And if yes, how much?
Thank you in advance for your answers!
I found an Stored XSS vulnerability on the site of a very famous media in a European country (Top 3 of the country).
The JWT-Token that identifies the login session is not secure and may recover through Javascript code.
This means that the vulnerability allows you to steal a user/administrator’s cookies and take control of their account.
Do you think it is possible to sell the vulnerability itself? And if yes, how much?
Thank you in advance for your answers!
