Reflected XSS on ASUS

Hi, this is Thejus Krishnan. This article is on my recent finding of an ASUS web application vulnerability, which was affected by cross-site scripting.

When I was searching for an Asus product, I accidentally found a subdomain.

URL: , here I tried XSS.

When I submitted the payload "dvs9c"><script>alert('hello')</script>jnyf0" in the search parameter, BOOM..! I got XSS.

Vulnerable URL: "><script>alert("hello")</script>jnyf0

A few weeks after reporting this issue to the Asus Security Team, I got a reply from the Asus team that the issue had been resolved.
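The article does not show the server-side code or the fix. The following is an added example, not ASUS's code: it assumes the search term was reflected into an HTML attribute value (which the leading `">` in the payload suggests) and shows that reflection next to a version that encodes the term for the attribute context. The function names and the `q` field are hypothetical.

```javascript
// Added example: hypothetical search page template, not ASUS's code.
// Assumption: the search term is echoed back inside <input value="...">.

// Vulnerable: the term is concatenated into the attribute unescaped, so a
// double quote in the term ends the attribute and "<" starts a new tag.
function renderSearchVulnerable(term) {
  return '<input type="text" name="q" value="' + term + '">';
}

// HTML-encode every character that can close an attribute value or open a tag.
// String() also normalises repeated parameters that arrive as an array.
function escapeHtmlAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: same template, with the term encoded for the attribute context.
function renderSearchSafe(term) {
  return '<input type="text" name="q" value="' + escapeHtmlAttr(term) + '">';
}

// Regression check: did the reflected term produce a live <script> element?
function hasInjectedScriptTag(html) {
  return /<script\b/i.test(html);
}

// The payload quoted in the article, used here as a test input.
const payload = 'dvs9c"><script>alert(\'hello\')</script>jnyf0';

console.log('vulnerable:', renderSearchVulnerable(payload));
console.log('  script tag present:', hasInjectedScriptTag(renderSearchVulnerable(payload)));
console.log('hardened:  ', renderSearchSafe(payload));
console.log('  script tag present:', hasInjectedScriptTag(renderSearchSafe(payload)));
```

In the hardened output the payload stays inside the `value` attribute as inert text, which is the property a regression test for this class of bug should assert.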

Thanks for reading.

Timeline :

DEC 15 Reported the issue.

DEC 17 Responded

DEC 22 Fixed and HOF approved

DEC 28 Listed in HOF