Telekom Magenta Musik 360 - Multiple Cross Site Scripting Vulnerabilities

Editorial_Staff_Team's picture

Telekom Magenta Musik 360 - CERT Coordinates

The video shows the reproduction of vulnerabilities in a new service that German Telekom published in Q1 2019. The vulnerabilities are persistent and non-persistent cross-site scripting issues in the frontend and backend of the online service. Remote attackers are able to inject their own malicious script code into the registration process through the exception handling. After the injection, the malformed code is also executable in the backend against managers or administrators of the CMS.
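The following added example (not code from the affected service or from the original advisory) shows the general pattern described above and its fix: a registration error page that echoes the submitted value, and a backend view that later renders the same stored value. All function names, the in-memory store and the sample input are assumptions made for illustration.

```javascript
// Added example: every name here is hypothetical, not the service's code.
const failedRegistrations = []; // stands in for the store the CMS backend reads

// HTML-encode the five characters that can break out of text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[ch]));
}

// Registration step: reject an invalid e-mail and record the attempt for the backend.
function register(email) {
  if (/^[^\s@<>"']+@[^\s@<>"']+\.[a-z]{2,}$/i.test(email)) return { ok: true };
  failedRegistrations.push({ email, at: Date.now() }); // stored raw, encoded on output
  return { ok: false, email };
}

// Vulnerable: the submitted value is concatenated into the error page as-is
// (the non-persistent case).
function renderErrorUnsafe(result) {
  return `<p class="error">Invalid e-mail: ${result.email}</p>`;
}

// Hardened: same error page, value encoded at the point of output.
function renderErrorSafe(result) {
  return `<p class="error">Invalid e-mail: ${escapeHtml(result.email)}</p>`;
}

// Backend list of failed registrations (the persistent sink), encoded in both
// the attribute and the text context.
function renderAdminListSafe() {
  return '<ul>' + failedRegistrations
    .map((r) => `<li title="${escapeHtml(r.email)}">${escapeHtml(r.email)}</li>`)
    .join('') + '</ul>';
}

const sample = '"><i>markup</i>'; // constructed input containing markup characters
const result = register(sample);
console.log(renderErrorUnsafe(result)); // markup reaches the page unchanged
console.log(renderErrorSafe(result));   // markup is rendered as inert text
console.log(renderAdminListSafe());     // stored value is inert in the backend too
```

Encoding at output, in every view that renders the value, covers both the reflected error page and the stored backend listing; input validation alone does not, because the rejected value is still kept for display.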

The security issues were reported to the Telekom CZ bug bounty and CERT team. The issues were resolved within 2 weeks of notifying the security contact. Feel free to preview the video of the identification process and reproduction.

Reference(s):

https://www.telekom.com/de/verantwortung/sicherheit/details/danksagungen


Comments

kipa's picture

nice research & cool short video
