Responsible Responsible Disclosure Split Wise Stored XSS

Splitwise is a Providence, RI based company that makes it easy to split bills with friends and family and yes i am user of Split wise. Recently, found stored XSS in Split wise add amount module.  This can be used to easily steal the cookies of the our friend as well as make it was possible redirect page to other page, where victim can be trapped easily.

Reported this bug on Aug 21 2013 and fixed on next day

POC:

Following payload executed successfully

< script >(sessionStorage[!-1]=alert)(!-1) < / s cript>

” > < s  cript> Alert(1)< / script>

Iframe execution demonstration

Thanks for sending me T-shirt and some more security bugs are on the way