HTML Injection in email via Name field
Low
Vulnerability Details
Hello Gents,
I would like to report an issue where attackers are able to inject HTML into the `Name` field at `app.qualified.dev`.
### Steps to reproduce:
1. Please register at https://app.qualified.dev/signup
2. Inject the `Name`field with any HTML payload.
3. Open the victim's test email, HTML will be executed.
### Proof of concept:
+ {F1744498}
## Impact
HTML Injection
Actions
View on HackerOneReport Stats
- Report ID: 1581499
- State: Closed
- Substate: resolved
- Upvotes: 73