What's new

Reflected XSS Vulnerability in Crunchbase


Indian Security Researcher, Nikhil Kulkarni, has discovered Reflected Cross site scripting vulnerability in the official website of CrunchBase, a free wiki-style directory of people, technology companies, and investors.

The real name field in the User page  found to be vulnerable to XSS attack.  Nikhil immediately report about the vulnerability to TechCrunch  and was told not to disclose this issue until its rectified.

The security flaw was rectified after he reported but later again he was still able to find XSS again.  So he reported them again.

"And the reply I got was that the earlier when they fixed the XSS issue they found some other codes were breaking and hence forth they had to remove the XSS Prevention code." Researcher said.

The vulnerability successfully has been fixed now.