Reflected XSS on help.steampowered.com
State Resolved (Closed)
Disclosed publicly 2019-01-07T20:14:15.601Z
Reported To
Weakness Cross-site Scripting (XSS) - Reflected
Bounty $750


Timeline
submitted a report to Valve.
2018-08-04T08:13:15.999Z

URL: https://help.steampowered.com/en/wizard/HelpWithGameIssue/?appid=704740&issueid=125&option=%3Ch1%3Eunfiltered

It puts the "option" option into a translation token: <div class="help_page_title">#Help_Game_MissingItemsTitle{user controlled string here}

And if there's no such translation token, it just prints out the entire user input unescaped.

Impact

XSS.

Regards,
Frans
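
The lookup-with-fallback pattern the report describes, next to a hardened version, as an added example that is not part of the original report and is not Valve's code. The translation table, the function names, the fixed fallback text and the allowed format for option are assumptions; only the token prefix and the sample parameter value come from the report.

```python
import html
import re
from urllib.parse import unquote

# Token prefix as quoted in the report.
TOKEN_PREFIX = "#Help_Game_MissingItemsTitle"

# Constructed translation table (hypothetical entry, for illustration only).
TRANSLATIONS = {TOKEN_PREFIX + "2": "Missing items"}

# Assumption: legitimate option values are short alphanumeric identifiers.
OPTION_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

# The option value from the report's URL, decoded as a web framework would.
SAMPLE_OPTION = unquote("%3Ch1%3Eunfiltered")


def render_title_vulnerable(option: str) -> str:
    """Behaviour described in the report: on a failed lookup the raw token,
    which contains the user-controlled suffix, is written into the page."""
    token = TOKEN_PREFIX + option
    text = TRANSLATIONS.get(token, token)  # fallback echoes user input
    return f'<div class="help_page_title">{text}</div>'


def render_title_hardened(option: str) -> str:
    """Validate the parameter, never echo it on a miss, and escape on output
    so the result stays inert even if one of the other checks is bypassed."""
    text = "Help"  # fixed fallback that contains no request data
    if OPTION_RE.fullmatch(option):
        text = TRANSLATIONS.get(TOKEN_PREFIX + option, text)
    return f'<div class="help_page_title">{html.escape(text)}</div>'


if __name__ == "__main__":
    for render in (render_title_vulnerable, render_title_hardened):
        print(render.__name__)
        print("  known option :", render("2"))
        print("  report input :", render(SAMPLE_OPTION))
```
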

dukefleed Activities::Comment
2018-08-04T08:41:36.486Z
Hello @xpaw, Thank you for the report. We are currently reviewing this and will get in touch with you once our review is complete. Regards, @dukefleed


dukefleed Activities::ReportSeverityUpdated
2018-08-04T08:45:14.482Z


dukefleed Activities::BugTriaged
2018-08-04T08:45:18.428Z
Thank you for your submission! Your report has been validated, and it has been submitted to the appropriate remediation team for review. They will let the HackerOne triage team know the final ruling on this report, and if/when a fix will be implemented. The HackerOne triage team will follow up after the remediation team has assessed the impact of this report. Please note that the status and severity are subject to change. Kind regards, @dukefleed


Activities::BountyAwarded
2018-08-08T00:00:29.843Z


chrisk Activities::BugResolved
2018-08-08T00:00:44.922Z
Thanks for the report, we have deployed a fix for the issue.


xpaw Activities::AgreedOnGoingPublic
2018-08-09T14:32:56.677Z


bgilmore Activities::AgreedOnGoingPublic
2019-01-07T20:14:15.559Z


bgilmore Activities::ReportBecamePublic
2019-01-07T20:14:15.618Z