I. VULNERABILITY ------------------------- Vulnerability Cross-Site Scripting (XSS) II. PROOF OF CONCEPT ------------------------- URL: http://tradukka.com/translate/en/es/ State: Fix & Patch Vector: '> III. SYSTEMS AFFECTED ------------------------- The vulnerability affects the Translator Tradukka: http://tradukka.com IV. CREDITS ------------------------- These vulnerabilities have been discovered by Francisco Javier Santiago Vázquez aka "n0ipr0cs" ( https://es.linkedin.com/in/francisco-javier-santiago-v%C3%A1zquez-1b654050). (https://twitter.com/n0ipr0cs). V. DISCLOSURE TIMELINE ------------------------- April 03, 2016: Vulnerability acquired by Francisco Javier Santiago Vázquez. aka "n0ipr0cs" April 03, 2016 Responsible disclosure to Tradukka Security Team. April 04, 2016 Solution - Fix & Patch April 04, 2016 Disclosure VI. Links ------------------------ POC :- http://www.estacion-informatica.com/2016/04/xss-en-tradukka.html *Francisco Javier Santiago Vázquez Ethical Hacker and Forensic Analyst *