Reflected XSS Primagames.com
Long story short, I've emailed them a few times and tweeted at them, and got no answer about fixing their security.
Friendly
August 6, 2018 (Updated: August 6, 2018)
I have decided to do a full disclosure regarding this.
You have a reflected XSS vulnerability located at this domain: https://shop.primagames.com/us/search?p=
This was tested on the latest version of Firefox 61.0.1 (64-bit).
By entering this payload in the URL, you are able to execute a script (XSS): ![]()
… We get the famous confirm(1) to pop up!
Impact:
This allows an attacker to inject custom JavaScript code that can be used to steal information from Primagames's user base and lure them to malicious websites on the internet on behalf of Primagames's website.
Once again, this post is NOT meant to do anything harmful to the website. I am just a security researcher who is trying to help secure your website — other websites as well.
I hope you see this post and fix your issue very soon and secure your users.
If you have any questions or comments, feel free to message me on Twitter @Skeletorkeys
Thanks for reading.
#security #reflected-xss #xss #full-disclosure
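The fix for this class of bug is to encode the `p` value at every point where the search page writes it back into HTML. The following is an added example, not code from the original post or from the site: the template, the `shop.example.test` host and all function names are assumptions, and the sample input is a constructed harmless string.

```javascript
// Added example: hypothetical search-page renderer, not the site's real code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read the "p" query parameter (parameter name taken from the post).
function getSearchTerm(rawUrl) {
  return new URL(rawUrl).searchParams.get('p') ?? '';
}

// BEFORE: the term is concatenated into an attribute and into text as-is,
// so markup inside it becomes part of the page.
function renderSearchUnsafe(term) {
  return `<input name="p" value="${term}"><p>Results for ${term}</p>`;
}

// AFTER: same template, every reflection point encoded for its context.
function renderSearchSafe(term) {
  const safe = escapeHtml(term);
  return `<input name="p" value="${safe}"><p>Results for ${safe}</p>`;
}

// Defence in depth: headers that keep inline script from running even if an
// encoding call is missed somewhere in the template.
function securityHeaders() {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    'X-Content-Type-Options': 'nosniff',
  };
}

// Regression check: true if any raw tag from the input survived into the output.
function reflectsRawMarkup(term, html) {
  const tags = term.match(/<[^>]+>/g) || [];
  return tags.some((t) => html.includes(t));
}

// Constructed sample input: harmless markup that tries to close the attribute.
const SAMPLE_URL = 'https://shop.example.test/us/search?p=' + encodeURIComponent('"><u>probe</u>');
const sampleTerm = getSearchTerm(SAMPLE_URL);
console.log('unsafe reflects markup:', reflectsRawMarkup(sampleTerm, renderSearchUnsafe(sampleTerm)));
console.log('safe reflects markup:  ', reflectsRawMarkup(sampleTerm, renderSearchSafe(sampleTerm)));
```

`reflectsRawMarkup` can be reused in a test suite to assert that no endpoint echoes request parameters unencoded.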