#7 Webtune App - XSS in song and album fields with string input

Description

Fields in song and album that accept strings, e.g. the song's title, singer, and genre, are vulnerable to XSS. For example, if we enter a string like this:

<script>alert(123)</script>

When the song or album is loaded in the browser, the script is also executed. This is obviously dangerous.

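The behaviour reported above and its fix, as an added example that is not part of the original report or of Webtune's code: a renderer that concatenates stored fields into HTML beside one that escapes them at output time. The field names `title`, `singer` and `genre` come from the report; the function names and the markup are assumptions.

```javascript
// Added example: hypothetical renderers for a song record (not Webtune's code).
// Field names title/singer/genre come from the report; everything else is assumed.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape the five characters that can change HTML structure in element
// content or quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: stored strings are concatenated into markup as-is, so a stored
// <script> element becomes part of the page.
function renderSongUnsafe(song) {
  return `<li class="song"><b>${song.title}</b> by ${song.singer} (${song.genre})</li>`;
}

// Hardened: every user-controlled field is escaped at output time.
function renderSongSafe(song) {
  return `<li class="song"><b>${escapeHtml(song.title)}</b> by ` +
    `${escapeHtml(song.singer)} (${escapeHtml(song.genre)})</li>`;
}

// Constructed sample record using the input from the report.
const sampleSong = {
  title: "<script>alert(123)</script>",
  singer: 'A "quoted" & co',
  genre: "rock",
};

// Count opening <script tags that survive into the rendered markup.
function countScriptTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

console.log(renderSongUnsafe(sampleSong));
console.log(renderSongSafe(sampleSong));
```

In client-side code the same effect comes from assigning the value with `textContent` instead of `innerHTML`.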