TikTok: HTML Injection on Company Name on Email

2020-10-30T08:34:25
ID H1:1022655
Type hackerone
Reporter gnux
Modified 2020-12-31T20:28:20

Description

By setting the company name on the TikTok Creator Marketplace to arbitrary HTML code, an attacker could potentially send phishing emails to users containing the injected HTML payload. We thank @gnux for reporting this to our team and confirming the resolution!
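The class of bug described above, shown as an added example that is not TikTok's code or part of the original report: a user-controlled company name rendered into an HTML email body, first unescaped and then encoded for the HTML context. The template text, function names, addresses and sample input are assumptions made for illustration; the report does not say how the issue was actually fixed.

```python
import html
from email.message import EmailMessage

# Hypothetical notification template; the real email's wording is not on the page.
TEMPLATE = "<p>Hello,</p><p>{company} has invited you to collaborate.</p>"

# Constructed sample input: a company name that carries markup.
SAMPLE_NAME = 'Acme <a href="https://example.invalid/">Verify your account</a>'


def render_vulnerable(company_name: str) -> str:
    """The 'before' behaviour: user-controlled text is placed into HTML as-is."""
    return TEMPLATE.format(company=company_name)


def render_escaped(company_name: str) -> str:
    """Encode the value for the HTML context so markup arrives as literal text."""
    return TEMPLATE.format(company=html.escape(company_name, quote=True))


def build_message(company_name: str, recipient: str) -> EmailMessage:
    """Build a multipart/alternative email whose HTML part uses the escaped name."""
    msg = EmailMessage()
    msg["To"] = recipient
    msg["From"] = "no-reply@example.invalid"
    # Header values must not carry CR/LF taken from user input, so collapse
    # all whitespace runs to single spaces before using the name in Subject.
    subject_name = " ".join(company_name.split())
    msg["Subject"] = f"Invitation from {subject_name}"
    # The plain-text part needs no HTML encoding; clients show it verbatim.
    msg.set_content(f"{company_name} has invited you to collaborate.")
    msg.add_alternative(render_escaped(company_name), subtype="html")
    return msg


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_NAME))  # anchor tag is live markup
    print(render_escaped(SAMPLE_NAME))     # anchor tag is inert text
```

Escaping at render time covers every template that reuses the field; rejecting angle brackets when the company name is saved is a useful second layer but does not replace it.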