Basics

Author:

Company:

Website:

Timestamp:

Summary

Reflected Cross-Site Scripting (XSS) on Page foo Request Variable bar

Vulnerability

Type:

Severity:

Steps

Screenshots

I recommend using direct links to images uploaded on imageshar.es or imgur.

Source Code

If applicable, include source code. e.g. a sample size of code around the injected XSS. This helps identify the location of the vulnerability in their templating or project source code.

<div class="foo"><script>alert(1);</script></div>

Additional Information

Include relevant information such as stipulations that are good to know that are not included in the steps and/or OWASP articles explaining vulnerability and possible solutions.

This is vulnerable because the user input is not encoded when displayed back in the page request body. You can find more information on XSS here: https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29

Format

BBCode

HTML

Text

HackerOne

Bounty Report Generator