TikTok: HTML Injection on Company Name on Email

ID H1:1022655
Type hackerone
Reporter gnux
Modified 2020-12-31T20:28:20


By changing the company name to any HTML code on the TikTok Creator Marketplace, an attacker could potentially use this to send phishing emails to users containing injected HTML payload. We thank @gnux for reporting this to our team and confirming the resolution!