Stored XSS vulnerability in hiveblockexplorer.com !! [SOLVED]

avatar
(Edited)


src


I was trying to understand better how Hive works at a technical level, so I was going through some documentation and exploring the content of blocks. I came across [a transaction](https://hiveblockexplorer.com/tx/8437cffaa71b2fcf292584f19ea407c6dfb40b24] that displayed the user logo at the end of the post text.

That immediately rang a bell. That image should not be there.. only text should be in that table cell!

Therefore I inspected the page and noticed that indeed some text was being parsed by the browser, meaning that it was not correctly sanitized on the server side.

I checked how the post text looked like in the hive block and I crafted a similar comment with some hidden code in it.

Result: I checked my new comment on hiveblockexplorer.com and the site executed my code!!

  • XSS ✅

{{ for more details on what XSS is see: https://www.imperva.com/learn/application-security/cross-site-scripting-xss-attacks }}

Proof:

If you want to check yourself, I stored my harmless XSS herePS. now fixed by @penguinpablo.

If you click on that link:

  • You will see the alert in the screenshot above;

  • After 10s you will be redirected to this post of mine.


This happens because the website parses my specially crafted TEXT as code and executed it! That should never happen.

The code stored on that page could obviously be used for evil things like redirecting users to a phishing page!

A user could fall victim of it because a malicious attacker could keep spamming these type of messages into blocks OR, even worse, they could send another user a link crafted in this way as a proof of previous payment, in order to try to steal their private keys.

Guys that maintain hiveblockexplorer.com (@penguinpablo), please fix this ASAP!
Contact me on Discord if you need more details.
#xss #abuse #security #disclosure #shipit #fixasap


UPDATE 1: the same vulnerability is also on steemblockexplorer.com .. but maybe we can leave it like that there. Freaking Justin loves thieves after all..

UPDATE 2: @penguinpablo today fixed the issue: https://hive.blog/hive/@penguinpablo/qfk9ge
Good stuff!!

Domain now removed from @keys-defender blacklist.
!remove hiveblockexplorer.com

Previous security disclosures of mine:

hivedev security phishing hacking palnet neoxian xss abuse
0
0
0.000
132 comments
avatar

Well done ! But please in the future contact the maintainer so he can patch the security issue before releasing it to the public. You are endangering the ecosystem by doing it that way.

0
0
0.000
Reply
avatar
(Edited)

True, but..

  • I did not share the exploit;
  • I have been trying to reach him on multiple channels already;
  • There's no session to be compromised on that site (as I mentioned in the post, only the redirection bit is dangerous).

👍

0
0
0.000
Reply
avatar
(Edited)

PS. @howo Today I launched this, better?? 😏😏
[auto-replies to posts and comments with known compromised domains or phishing links]
https://hive.blog/hive/@keys-defender/new-feature-phishing-detection-and-auto-reply

cc: @therealwolf @saboin

0
0
0.000
Reply
avatar

UPDATE: the same vulnerability is also on steemblockexplorer(...)

They don't need XSS to steal from users. People who use Steem these days should assume that their funds can be stolen at any moment.

0
0
0.000
Reply
avatar

Found also a new XSS not yet fixxed on the same site. Messaged u on Discord.

0
0
0.000
Reply
avatar

I'm not using a discord. Come to the https://openhive.chat
You can find me (@gandalf) on #general channel or #witness or #help.

0
0
0.000
Reply
avatar
0
0
0.000
Reply
avatar

Nope it's not resolved yet - just checked. @penguinpablo is not reachable on any Chat-Service so it have sent him a private memo in his wallet with Informations to the XSS i found.

0
0
0.000
Reply
avatar

@louis88
Make sure you clear your cache.
I don’t see your memo, if another field was not fixed you could send it to him encrypted with his public memo key so that only he can decrypt it with his private key.

0
0
0.000
Reply
avatar

Sure. i cleared the whole Site data in the Developer Console and opend the page where i stored the Script. And yes, i got the alert.

I have sent penguinpablo an encrypted memo on hive because he is the project owner. sure ;)

0
0
0.000
Reply
avatar
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Do not click on any link on this post/comment

❗ ❗ ❗ ❗ ❗

It contains a link that is currently on my list as PHISHING   ❗
-> "https://hiveblockexplorer.com/tx/*"


More info: https://hive.blog/hive/@gaottantacinque/hiveblockexplorer-com-is-vulnerable-to-stored-xss
@keys-defender
0
0
0.000
Reply
avatar

Thank you for pointing this out.

It has been fixed. The URL below is now safe. Make sure it is not loading from your browser cache (even though it is harmless anyway).

https://www.hiveblockexplorer.com/tx/95c5b404d935cf1beba7d90bade6948f116e199e

0
0
0.000
Reply
avatar

please check your memo. i found another XSS which is also dangerous like the other.

0
0
0.000
Reply
avatar

Hi, I can see that you are doing well here on Hive. You should try our Upvote service, we have just opened up for registration. Take a look at our lates post. We need more members. 😉

0
0
0.000
Reply