Telekom Magenta Musik 360 - Multiple Cross Site Scripting Vulnerabilities

Telekom Magenta Musik 360 - CERT Coordinates

The videos shows the reproduce for the german telekom in a new service they did publish in 2019 Q1. The vulnerabilities are persistent and non-persistent cross site scripting issues within the front / backend of the online service. Remote attackers are able to inject own malicious script codes to the registration process in the exception handling. After the inject the malformed codes are as well exectuable in the backend against managers or administrators of the cms.

The security issues were reported to the telekom cz bug bounty and cert team. The issues was resolved within 2 weeks after the notify of the security contact. Feel free to preview the video of the identification process and reproduce.


Rate this article: 
Average: 4 (9 votes)


nice research & cool short video

such xss could lead to much damage by attacks in the wild. well acknowledged.

Add new comment

Plain text

  • No HTML tags allowed.