First, I found this bug at the Logitech company and reported it to HackerOne,
but they responded: "This tool is from a 3rd party vendor and we are wondering if they know about the issue or if you have reached out to them about this yet. www.sdl.com is the vendor in question"
As you all see, the URL-encoded GET input error was set to login.invalid'"()&% and this can trigger XSS,
and the JS will execute.
Sorry, I haven't been able to share the link because of public and responsible disclosure.
You can contact me at fikrikhoir9089@gmail.com
[edited by: RWS Community AI at 4:00 PM (GMT 0) on 14 Nov 2024]
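
One defensive way to handle the error parameter described in the post, as an added example that is not part of the original post or the vendor's code: the value is treated only as a lookup key into a fixed message table, and anything written to the page is HTML-encoded. The function names, the message table and the fallback text are assumptions made for illustration.

```javascript
// Added example with hypothetical names; not the vendor's implementation.
// Constructed message table: the only texts the login page may display.
const MESSAGES = Object.freeze({
  "login.invalid": "Invalid user name or password.",
  "login.expired": "Your session has expired. Please sign in again.",
});
const FALLBACK = "Sign-in failed.";

// Encode the five characters that can change HTML parsing context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Map the raw "error" query value to a known message key, or null.
// hasOwnProperty keeps inherited names such as "constructor" from matching.
function resolveErrorKey(query) {
  const raw = new URLSearchParams(query).get("error");
  if (raw === null) return null;
  return Object.prototype.hasOwnProperty.call(MESSAGES, raw) ? raw : null;
}

// Build the banner. The request value itself is never written to the page;
// only server-owned text is, and that text is still encoded on output.
function renderErrorBanner(query) {
  if (new URLSearchParams(query).get("error") === null) return "";
  const key = resolveErrorKey(query);
  const text = key === null ? FALLBACK : MESSAGES[key];
  return `<p class="error">${escapeHtml(text)}</p>`;
}

// The probe value from the post, URL-encoded as it would arrive in a GET request.
const PROBE_QUERY = "error=login.invalid%27%22%28%29%26%25";

console.log(renderErrorBanner("error=login.invalid"));
console.log(renderErrorBanner(PROBE_QUERY));
```

If a page genuinely has to echo the submitted value, pass it through `escapeHtml` for HTML text or quoted-attribute contexts; a value placed inside a script block needs JavaScript-string encoding instead.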
