Self-DoS due to template injection via email field in password reset form on access.acronis.com

Disclosed: 2022-05-03 06:41:50 By sudo_bash To acronis
Vulnerability Details
## Summary

Hi Acronis security team, how are you? I hope everyone is OK on the other side of the screen. I found a template injection in [https://access.acronis.com/reset_password/new] via the mail input.

## Steps To Reproduce:

1. Open [https://access.acronis.com/reset_password/new] and enter the mail payload: sudo_bash{{8*8}}@wearehackerone.com
2. After submitting the mail, the result will be reflected in the page with the mail address.

## Impact

- AngularJs CCTI may lead to XSS.
Report Stats
  • Report ID: 1265344
  • State: Closed
  • Substate: informative
  • Upvotes: 3
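
An added example, not part of the original report and not Acronis's code: one way a server could handle the reflected address so that AngularJS never evaluates it. It assumes the page is compiled by AngularJS with the default `{{ }}` delimiters; the function names and markup are hypothetical, and `user@example.com` is a constructed sample.

```javascript
// Added example: defensive handling of an email value that is echoed back
// into a page compiled by AngularJS. All names here are hypothetical.

// HTML-escape so the value cannot break out of its text context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Conservative allow-list: no braces, spaces, operators or markup characters.
const EMAIL_RE = /^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;

function isPlainEmail(value) {
  return typeof value === "string" && value.length <= 254 && EMAIL_RE.test(value);
}

// True when the value carries AngularJS's default interpolation delimiters;
// useful as a signal for logging or alerting.
function hasInterpolation(value) {
  return /\{\{|\}\}/.test(String(value));
}

// Build the confirmation fragment. ng-non-bindable tells AngularJS not to
// compile the element's contents, so any leftover {{ }} stays literal text.
function renderResetNotice(email) {
  const suspicious = hasInterpolation(email);
  if (!isPlainEmail(email)) {
    // Rejected input is never echoed back into the page.
    return {
      suspicious,
      html: "<p ng-non-bindable>If the address is valid, a reset link has been sent.</p>",
    };
  }
  return {
    suspicious,
    html: "<p ng-non-bindable>Reset link sent to " + escapeHtml(email) + "</p>",
  };
}
```

Validation and `ng-non-bindable` are independent layers here: either one alone keeps the expression from being evaluated, and the `suspicious` flag gives the server something to log.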