This is my report about blind xss in apple via user agent
Steps to reproduce :
go to :
URL: https://support.apple.com/fr-fr/ht204204
and use Tamper Data
for alter the data
and inject this payload :
</SCript><svG/onLoad=alert(document.domain)>
in user agent input
and we got xss alert
regards,
TAHA
Its no blind xss !
it is not xss either 🙂