A security researcher, Rafay Baloch, has discovered a cross-site scripting (XSS) vulnerability in StumbleUpon, one of the best-known social bookmarking websites, with an Alexa rank of 149.
“A few days before, while I was hunting for vulnerabilities inside stumbleupon.com,” Rafay said in his blog post, “Fiddler helped me obtain a non-persistent XSS vulnerability inside StumbleUpon.”
He sent a notification about the vulnerability to StumbleUpon; however, there has been no response from their side.
“For security reasons I cannot disclose the URL and parameters for the injection. I hope StumbleUpon fixes the vulnerability pretty soon,” the researcher said.
At the time of writing, the vulnerability is not patched and we are able to exploit it. In fact, I injected a redirection code that successfully redirected me to the given URL.
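The flaw described above is a non-persistent (reflected) XSS: a request parameter is echoed into the page without encoding, so whatever the parameter contains is rendered as markup. The following Python example is added here to illustrate the defect and its fix; it is not StumbleUpon's code, and the parameter name `q`, the page layout and the probe string are all constructed assumptions, since the article does not disclose the real URL or parameter. It shows a vulnerable handler beside a hardened one and a small check of the kind a defender uses to confirm whether a page reflects HTML metacharacters unescaped.

```python
import html
from urllib.parse import parse_qs, quote

# Constructed probe string: contains the HTML metacharacters that matter for
# reflected XSS (<, >, double and single quote). It is deliberately inert.
PROBE = "<probe\"'>"


def render_vulnerable(query_string: str) -> str:
    """Echoes the (assumed) 'q' parameter straight into HTML.

    This is the pattern behind a reflected XSS: attacker-controlled input
    becomes part of the response markup unchanged.
    """
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<h1>Results for: {q}</h1>"


def render_hardened(query_string: str) -> str:
    """Same page, but the parameter is HTML-entity-encoded before insertion.

    html.escape(quote=True) encodes < > & " and ', which covers both
    element-content and attribute-value contexts in this template.
    """
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<h1>Results for: {html.escape(q, quote=True)}</h1>"


def reflects_unescaped(render) -> bool:
    """Detection check: send PROBE in the assumed 'q' parameter and report
    whether it comes back verbatim (unescaped) in the rendered page."""
    response = render("q=" + quote(PROBE))
    return PROBE in response


def defensive_headers() -> dict:
    """Defence-in-depth response headers that limit the impact of a reflected
    XSS even if one encoding site is missed (values are illustrative)."""
    return {
        # Disallow inline scripts and restrict script sources to same origin.
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
        # Prevent MIME sniffing of reflected content into an executable type.
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    print("vulnerable reflects probe:", reflects_unescaped(render_vulnerable))
    print("hardened reflects probe:  ", reflects_unescaped(render_hardened))
    print(render_hardened("q=" + quote(PROBE)))
```

Running the block prints `True` for the vulnerable handler and `False` for the hardened one; the hardened output shows the probe rendered as `&lt;probe&quot;&#x27;&gt;`, which the browser displays as text rather than parsing as markup. The check is useful for regression testing: keep it in the test suite for every endpoint that echoes a parameter so a later template change cannot silently reintroduce the reflection.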