U.S. Dept Of Defense: HTML Injection/Load Images vulnerability on a DoD website

2017-01-02T19:26:14
ID H1:195356
Type hackerone
Reporter jon_bottarini
Modified 2017-03-16T18:35:29

Description

A Department of Defense website was misconfigured in a manner that may have allowed a malicious user to inject remote content into the site. @jon_bottarini was able to demonstrate this vulnerability by crafting a specially formatted URL. Thanks @jon_bottarini!