Date: Thu, 17 Sep 2020 21:14:51 +0000
From: Juan Avila <>
To: "" <>
Subject: [FD] Navy Federal Reflective Cross Site Scripting (XSS)

Navy Federal - (

Front public facing application


David Reyes

Vulnerability Summary
The endpoint did not sanitize HTML characters. It was possible to pass HTML code which triggered an XSS.
Technical Details
The parameter "type" failed to properly sanitize HTML characters, resulting in reflective XSS.

Reference OWASP top 10.
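The advisory only states that the "type" parameter was reflected without HTML encoding. The following is an added illustration, not code from the advisory or from the affected site: a constructed handler that echoes "type" into the page body the unsafe way beside the hardened form, plus a regression check of the kind a defender would run to confirm the fix held. The URL, template and probe string are all constructed for the example.

```python
import html
from urllib.parse import parse_qs, quote, urlsplit

# Constructed template standing in for the affected page: the "type" query
# parameter is echoed back into an HTML text context.
PAGE_TEMPLATE = "<html><body><h1>Results</h1><p>Type: {type}</p></body></html>"


def get_type_param(url: str) -> str:
    """Return the decoded 'type' query parameter from a URL ('' if absent)."""
    qs = parse_qs(urlsplit(url).query)
    return qs.get("type", [""])[0]


def render_unsafe(url: str) -> str:
    """Vulnerable pattern: the raw parameter value is interpolated into HTML,
    so any markup in the parameter becomes part of the page."""
    return PAGE_TEMPLATE.format(type=get_type_param(url))


def render_safe(url: str) -> str:
    """Hardened pattern: HTML-encode the value before interpolation.
    quote=True also encodes ' and ", so the same call is safe for quoted
    attribute values; use a URL or JS encoder for those contexts instead."""
    return PAGE_TEMPLATE.format(type=html.escape(get_type_param(url), quote=True))


# Benign probe used only to detect whether markup survives reflection verbatim.
PROBE = "<b>probe</b>"


def reflects_unescaped(render, base_url: str) -> bool:
    """Regression check: True if the rendered page contains the probe's tags
    unencoded, i.e. the endpoint still reflects HTML characters as markup."""
    body = render(f"{base_url}?type={quote(PROBE, safe='')}")
    return PROBE in body


if __name__ == "__main__":
    base = "https://example.invalid/search"  # constructed, not the real endpoint
    print("unsafe handler reflects markup:", reflects_unescaped(render_unsafe, base))
    print("safe handler reflects markup:  ", reflects_unescaped(render_safe, base))
```

The same check can be pointed at a live handler as a post-remediation test; a `True` result means the encoding fix is missing or bypassed for that context.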

07 May 2019 - Adaptive Security Consulting discovered a series of vulnerabilities in medical records management and search applications being considered by our client
September 2020 - Endpoint no longer appears to be vulnerable to XSS.

Juan Avila
Arthrocyber, LLC
Cell (682)238-7188

Sent through the Full Disclosure mailing list