javascript: and mailto: links are allowed on users' profiles
Unknown
Vulnerability Details
In the user's Profile settings, you accept website URLs such as mailto:[email protected] and even javascript:alert(1). The Content Security Policy directive in Chrome catches the JavaScript one, but older browsers will almost certainly execute the code, allowing session stealing or other XSS attacks when the link is clicked.
Your client-side JavaScript prints "Website is not valid.", but pressing return still submits the form.
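The fix the report points to is a scheme allow-list applied on the server, since the client-side check is skipped when the form is submitted with the return key. The following is an added example, not code from the report or from the affected program, showing such a check built on the WHATWG URL parser (available as the global `URL` in Node and browsers). The function name `sanitizeWebsiteUrl`, the allow-list, and the sample inputs are all constructed for this example; `user@example.com` stands in for the redacted address in the report.

```javascript
// Added example (not from the HackerOne report): server-side allow-list
// validation for a profile "website" field. Because client-side validation
// alone can be bypassed (pressing return still submits), the same check must
// run on the server before the value is stored or rendered into an <a href>.

const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Returns a normalized absolute URL string if the input is an http(s) URL,
// otherwise null. The WHATWG URL parser lowercases the scheme and strips
// leading/trailing whitespace and embedded tab/newline characters, so
// " JavaScript:alert(1)" and "java\tscript:alert(1)" both parse with
// protocol "javascript:" and are rejected by the allow-list.
function sanitizeWebsiteUrl(input) {
  if (typeof input !== 'string' || input.length === 0 || input.length > 2048) {
    return null;
  }
  let url;
  try {
    url = new URL(input); // no base URL: relative input ("example.com") is rejected
  } catch {
    return null;
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) {
    return null;
  }
  // Reject credentials in the authority ("https://user:pass@host/"); they make a
  // link look like it points at one host while actually going to another.
  if (url.username || url.password) {
    return null;
  }
  return url.href; // normalized form (lowercased host, encoded path)
}

// Constructed sample inputs modelled on the report's examples plus common
// variants; only the first two should survive the check.
const SAMPLES = [
  'https://example.com/',
  'http://example.com/profile?id=1',
  'javascript:alert(1)',
  'mailto:user@example.com',
  ' JavaScript:alert(1)',
  'java\tscript:alert(1)',
  'data:text/html,<script>alert(1)</script>',
  'vbscript:msgbox(1)',
  'example.com',
  'https://evil.example@example.com/',
];

// Runs every sample through the validator; returns [input, result] pairs.
function checkSamples() {
  return SAMPLES.map((s) => [s, sanitizeWebsiteUrl(s)]);
}

for (const [input, result] of checkSamples()) {
  console.log(JSON.stringify(input), '=>', result === null ? 'REJECTED' : result);
}
```

Storing `url.href` rather than the raw input means the value later placed in `href` is always the parser's canonical form, so a later renderer cannot be tripped by case or whitespace tricks that the allow-list already handled. Keeping the client-side message is fine for usability, but it is not a control.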
Report Stats
- Report ID: 4184
- State: Closed
- Substate: resolved
- Upvotes: 7