New Relic: Unsafe HTML in reset password email and Account verification in email is missing in Sign up

2016-02-05T03:41:28
ID H1:114807
Type hackerone
Reporter karthic
Modified 2016-09-25T23:24:20

Description

Issue :1 did not receive password reset email, although it looks like newrelic delivered it to gmail. On inspection I can see that the email contains unescaped user input (name) that might be interfering with delivery.

Issue 2 : Account verification in email is missing in Sign up