Lucene search

K
hackeroneGnuxH1:1022655
HistoryOct 30, 2020 - 8:34 a.m.

TikTok: HTML Injection on Company Name on Email

2020-10-3008:34:25
gnux
hackerone.com
$79
55

By changing the company name to any HTML code on the TikTok Creator Marketplace, an attacker could potentially use this to send phishing emails to users containing injected HTML payload. We thank @gnux for reporting this to our team and confirming the resolution!