XSS in login.gov.pl

Your experience of helping website owners
Post Reply
Jacek25465244
Posts:2
Joined:Mon Aug 08, 2022 2:22 pm
XSS in login.gov.pl

Post by Jacek25465244 » Mon Jun 26, 2023 10:08 pm

Hey, I reported a reflected XSS in login.gov.pl
This is the most trivial reflected XSS with <script>alert(1)</script> in the url that you can imagine.
I got informed that your team cannot reproduce that...
Crying shame...
Maybe don't get into hacking if such a complicated attack is more than you can handle.
Just letting you know in case you want to investigate what's wrong with your platform.
I was also reporting an issue with not being able to access my previous account- also no response.
Just letting you know about all the bad experiences I had with you. I would strongly recommend you to investigate who was verifying that vulnerabilities I reported and how.
Another issue I reported is also classified as cannot reproduce, even if it's clearly reproducible.
And one of my issues was classified as "Wrong vulnerability type" even though it's popping up an alert(1). Guess what kind of vulnerability that is.
I'm proceeding with reporting the vulnerability using another platform.
Have a day as good as the quality of your platform
Jacek
Top
Post Reply

Return to “Coordinated and Responsible Disclosure”

Who is online

Users browsing this forum: No registered users and 1 guest