| Title | FITSTATS Technologies AthleteMonitoring N/A Cross Site Scripting |
|---|---|
| Description | Hello, I found an XSS vulnerability in the username parameter of the application; see that it is a service sold to several organizations and governments.<br>Vendor URL: https://www.athletemonitoring.com/<br>On the home page and at the following URL you have all the clients: https://www.athletemonitoring.com/clients/<br>PoC:<br>https://example.com/login.php?username=%22%3E%3Csvg%2Fonload=confirm%28%27xss-c4ng4c31r0%27%29%3E |
| User | c4ng4c3ir0 (UID 38456) |
| Submission | 02/20/2025 18:59 (1 Year ago) |
| Moderation | 03/02/2025 16:32 (10 days later) |
| Status | Accepted |
| VulDB entry | 298108 [FITSTATS Technologies AthleteMonitoring up to 20250302 /login.php Username cross site scripting] |
| Points | 16 |