A Security Researcher Adwiteeya Agrawal has discovered Non-persistent Cross site scripting(XSS) Security flaw in the Change.org.
Change.org is the web's leading platform for social change, empowering anyone, anywhere to start petitions that make a difference.
The vulnerability has been discovered in the Simple Search Form used in the website. The developer fails to validate the search keyword given by the user.
POC:
Change.org is the web's leading platform for social change, empowering anyone, anywhere to start petitions that make a difference.
The vulnerability has been discovered in the Simple Search Form used in the website. The developer fails to validate the search keyword given by the user.
POC:
https://www.change.org/search?utf8=✓&q=<script>alert("XSS By Adwiteeya Agrawal")</script>