Blind XSS in Apple

This is my report about blind XSS in Apple via the User-Agent

Steps to reproduce:

Go to:

URL: https://support.apple.com/fr-fr/ht204204

and use Tamper Data to alter the data

and inject this payload:

</SCript><svG/onLoad=alert(document.domain)>

in the User-Agent input

and we got an XSS alert.

Regards,

TAHA
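
The defensive counterpart to the report above, as an added example that is not part of the original post and is not Apple's code: it assumes a hypothetical page that writes the request's User-Agent header into an inline script and a table cell, and shows context-aware encoding neutralizing the reported payload. All function names and templates are assumptions.

```javascript
// Added example: encoding a User-Agent header for the context it lands in.
// Function names and page templates are hypothetical, not from any real site.

// Payload string taken from the report above, used only as test input.
const REPORTED_UA = "</SCript><svG/onLoad=alert(document.domain)>";

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// For HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// For inline <script> contexts. JSON.stringify handles quotes and backslashes
// but leaves "</script>" intact, so <, >, & and U+2028/U+2029 become \uXXXX.
function toScriptLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g,
    (ch) => "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Weak form: the header is concatenated straight into an inline script,
// so a closing script tag in the header ends the block early.
function renderUnsafe(userAgent) {
  return `<script>var ua = "${userAgent}";</script>`;
}

// Hardened form: each sink gets the encoder that matches its context.
function renderSafe(userAgent) {
  return `<script>var ua = ${toScriptLiteral(userAgent)};</script>` +
         `<td class="ua">${escapeHtml(userAgent)}</td>`;
}

// Counts how many times a pattern occurs in the rendered markup.
function countMatches(html, pattern) {
  return (html.match(pattern) || []).length;
}

const CLOSE_SCRIPT = /<\/script/gi;
const SVG_TAG = /<svg/gi;

for (const [name, render] of [["unsafe", renderUnsafe], ["safe", renderSafe]]) {
  const html = render(REPORTED_UA);
  console.log(name, "closing script tags:", countMatches(html, CLOSE_SCRIPT),
              "svg tags:", countMatches(html, SVG_TAG));
}
```

Request headers such as User-Agent are attacker-controlled input wherever they are later displayed, including internal log viewers and support consoles.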
