ID H1:1022655 Type hackerone Reporter gnux Modified 2020-12-31T20:28:20
Description
By changing the company name to any HTML code on the TikTok Creator Marketplace, an attacker could potentially use this to send phishing emails to users containing an injected HTML payload. We thank @gnux for reporting this to our team and confirming the resolution!
Title TikTok: HTML Injection on Company Name on Email Published 2020-10-30T08:34:25 Bounty 79.0 State resolved Team tiktok
Reference https://hackerone.com/reports/1022655