I found an XSS issue in the suppliers.teslamotors.com domain.
Steps To Reproduce:
Note: For intercepting the request, I used the Firefox add-on Tamper Data.
1- Visit: https://suppliers.teslamotors.com/supplier/
2- Type username and password in the given fields.
3- Before clicking the Login button, run Tamper Data and start tampering.
4- Back on the page, tick the "Remember me" check box.
5- Click the Login button. Your request is now intercepted by Tamper Data. Replace the 'remember-me' parameter value "1" with your {XSS payload}.
6- Click the "OK" button.
7- XSS Pop Up !!!
Snap Shot:
Video PoC:
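The report does not show how the server handles 'remember-me'. As an added example (not code from the report or from the affected site), the Python below puts the bug class it describes next to a server-side fix, assuming the handler echoes the field into the response. All function names and the tampered sample value are constructed for illustration.

```python
import html

# Assumption: the login handler echoes submitted form fields back into the
# page (for example when re-rendering the form); all names are hypothetical.
ALLOWED_REMEMBER_ME = {"1"}  # the only value the checkbox ever sends


def render_checkbox_vulnerable(form: dict) -> str:
    """Reflects the raw 'remember-me' value into an attribute (the bug class)."""
    value = form.get("remember-me", "")
    return f'<input type="checkbox" name="remember-me" value="{value}">'


def parse_remember_me(form: dict) -> bool:
    """Allowlist validation: treat the field as a boolean, never as text."""
    value = form.get("remember-me")
    if value is None:
        return False  # box not ticked, parameter absent
    if value not in ALLOWED_REMEMBER_ME:
        raise ValueError("unexpected remember-me value")
    return True


def render_checkbox_hardened(form: dict) -> str:
    """Renders from the validated boolean; no client text reaches the markup."""
    checked = " checked" if parse_remember_me(form) else ""
    return f'<input type="checkbox" name="remember-me" value="1"{checked}>'


def render_error_hardened(form: dict) -> str:
    """If a value must be echoed (e.g. in an error message), encode it."""
    value = form.get("remember-me", "")
    return f"<p>Invalid value: {html.escape(value, quote=True)}</p>"


# Constructed, harmless markup marker standing in for a tampered value.
TAMPERED = {"username": "u", "password": "p", "remember-me": '"><i>marker</i>'}

if __name__ == "__main__":
    print(render_checkbox_vulnerable(TAMPERED))  # marker breaks out of the attribute
    print(render_error_hardened(TAMPERED))       # marker is rendered as inert text
    try:
        render_checkbox_hardened(TAMPERED)
    except ValueError as exc:
        print("rejected:", exc)
```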