[website] Script injection in newsletter signup https://brave.com/brave_youth_program_signup.html
Medium
Vulnerability Details
go to https://brave.com/brave_youth_program_signup.html
click become an ambasador
insert malicious payloads in the fields <a href='evil,com'>YOU JUST WON 1m$ </a>
you will receive a mail like in the image attached.
You can send phising emails and do other bad stuff.
If you need more details i'm here.
Actions
View on HackerOneReport Stats
- Report ID: 175403
- State: Closed
- Substate: resolved
- Upvotes: 9