Reflected XSS on via 'channel' parameter
Discovered by gnux on Wordpress

This issue took 0 Days and 4 hours to triage and 0 Days and 13 hours to close the report once triaged.

Hi there, I just found a reflected XSS on domain.

steps to reproduce :

  1. visit this link :
  2. xss pop up will occurs

POC: see:wp reflected xss.png

Note: it works on the latest version of firefox


some of xss impact like stealing cookies, session hijacking, etc ..