Summary by Opera Public Bug Bounty
An XSS was found involving two GET parameters which would be reflected into the page, allowing for javascript to be run.
Reflected Cross Site Scripting (XSS) on https://gamemaker.io/account/dashboard
Disclosed by abitsec- Program Opera Public Bug Bounty
- Disclosed date over 1 year ago
- Points 10
- Priority P3 Bugcrowd's VRT priority rating
- Status Resolved This vulnerability has been accepted and fixed
Summary by abitsec
A Reflected Cross-Site Scripting (XSS) vulnerability was found affecting multiple https://gamemaker.io endpoints via the error and notice URL parameters.