I found a text injection

Disclosed by Orange_hacker
  • Engagement: Cisco Meraki
  • Disclosed date: about 2 years ago
  • Priority: P5 (Bugcrowd's VRT priority rating)
  • Status: Informational (this vulnerability is seen as an accepted business risk)
Summary by Cisco Meraki

Hello Orange Hacker -
First and foremost, we thank you again for reporting this issue to us.

We have carefully reviewed your submission and engaged our development team to have a closer look. It was determined that the web page mentioned in your reports shows the expected behaviour for a web page displaying search results. Please feel free to disclose your findings.

We hope you continue to engage in our program.

Once again, thank you,
Eugenio @ Meraki

Summary by Orange_hacker

I found a text injection

Steps to reproduce:
1. Open the browser
2. Open the website
3. Edit the URL as shown: https://meraki.cisco.com/?s=
4. After = enter the below in the URL
5. Text injection

Impact:
An attacker can use a text injection vulnerability to present a customized message on the application that can phish users into believing that the message is legitimate. The intent is typically to trick victims, although sometimes the actual purpose may be to simply misrepresent the organization or an individual.

Report details
  • Target Location: *.meraki.com
  • Target category: Web App
  • VRT: Server-Side Injection > Content Spoofing > Text Injection
  • Priority: P5
  • Bug URL: https://meraki.cisco.com/?s=Text%20injection

Activity
  1. Eugenio (Customer) published the disclosure report
  2. Orange_hacker requested disclosure
  3. Fatlum_bugcrowd changed the state to Informational
  4. Fatlum_bugcrowd sent a message
  5. Orange_hacker created the submission