Content Spoofing via reports

Disclosed: 2016-05-25 02:17:19 By testoid To security
Unknown
Vulnerability Details
The `report_id[]` param simply returns whatever is entered, instead of showing report IDs only. This can result in content injection in the reports field. For example, check this one: http://goo.gl/py2V8j
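The behaviour described above, alongside a hardened handler, as an added example that is not part of the original report or of the affected site's code; the query string, the `report_id[]` parsing and the rendering functions are all constructed assumptions about how such a parameter might be handled:

```python
import re
from urllib.parse import parse_qs

# Constructed sample query string (not from the original report): a real-looking id plus an injected value.
SAMPLE_QUERY = "report_id[]=32137&report_id[]=not+a+report+id"

# Strict allow-list for a report id: a positive integer with no leading zeros.
REPORT_ID_RE = re.compile(r"[1-9][0-9]*")


def render_vulnerable(query: str) -> str:
    """The behaviour the report describes: whatever arrived in report_id[] is echoed into the page."""
    values = parse_qs(query).get("report_id[]", [])
    return "Reports: " + ", ".join(values)


def validate_report_ids(values):
    """Split raw values into accepted integer ids and rejected strings."""
    accepted, rejected = [], []
    for v in values:
        if REPORT_ID_RE.fullmatch(v):
            accepted.append(int(v))
        else:
            rejected.append(v)
    return accepted, rejected


def render_hardened(query: str) -> str:
    """Only validated ids reach the page; rejected input is counted, never reflected.

    HTML-escaping the raw value would stop markup injection but not content spoofing,
    because attacker-chosen text would still be displayed on the trusted domain.
    """
    values = parse_qs(query).get("report_id[]", [])
    accepted, rejected = validate_report_ids(values)
    out = "Reports: " + ", ".join(f"#{i}" for i in accepted)
    if rejected:
        out += f" ({len(rejected)} invalid value(s) ignored)"
    return out


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_QUERY))
    print(render_hardened(SAMPLE_QUERY))
```

The detection side is the same check run on request logs: any `report_id[]` value that is not a bare integer is worth flagging.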
Report Stats
  • Report ID: 32137
  • State: Closed
  • Substate: resolved
  • Upvotes: 4