ID H1:267783
Type hackerone
Reporter ruvlol
Modified 2017-12-27T14:26:26
Description
Domain, site, application: biz.mail.ru
Testing environment: Latest Chrome
Steps to reproduce
1) go to biz.mail.ru, login
2) go to "My company"
3) create a department named as "></div></form></script><script>alert()</script><iframe src="www.google.com" onload="alert()">
4) add an employee in that department
5) create a new subdepartment
6) add the employee from step 4 to our subdepartment
Actual results:
The payload speaks for itself
PoC, exploit code, screenshots, video, references, additional resources:
In the attached .gif
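The report does not show how biz.mail.ru builds the employee or sub-department view, only that the department name ends up in the page unescaped. The following is an added example, not the reporter's PoC and not Mail.ru's code: a hypothetical template that interpolates the department name into both an attribute and text content by string concatenation, next to the same template with context-appropriate HTML escaping, both fed the exact department name from step 3. The leading `">` in that name is what closes the attribute and the enclosing tag in the vulnerable path; the `<iframe src="www.google.com">` uses a relative URL, so it resolves against the site itself, but `onload` fires whether or not that path exists. The template, field names and `countTags` helper are assumptions for illustration.

```javascript
// Added example (not from the HackerOne report or Mail.ru's code): how a
// stored department name reaches the page, once by raw interpolation (the
// stored XSS the report describes) and once HTML-escaped for both the
// attribute and the text context.

// The exact department name from step 3 of the report.
const REPORTED_PAYLOAD =
  '"></div></form></script><script>alert()</script>' +
  '<iframe src="www.google.com" onload="alert()">';

// Hypothetical markup for the sub-department/employee view. The real template
// of biz.mail.ru is not shown in the report; this is an assumption.
function renderDepartmentVulnerable(dept) {
  // Name lands inside a double-quoted attribute AND as element text, unescaped.
  return `<div class="dept" title="${dept.name}"><span>${dept.name}</span></div>`;
}

// Escape the five characters that matter in HTML text content and in
// double-quoted attribute values. Single quotes are covered so the same
// function is safe if a template ever uses title='...'.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Same template, but every interpolation goes through escapeHtml().
function renderDepartmentSafe(dept) {
  const name = escapeHtml(dept.name);
  return `<div class="dept" title="${name}"><span>${name}</span></div>`;
}

// Count element tags in a rendered fragment. The template itself contributes
// exactly four (<div>, <span>, </span>, </div>); a department name that adds
// any more has broken out of its context. This is a diagnostic for the
// example, not a sanitizer.
function countTags(html) {
  return (html.match(/<\/?[a-zA-Z][^>]*>/g) || []).length;
}

// Stand-alone run: shows the raw vs. escaped output for the reported name.
if (typeof require !== 'undefined' && require.main === module) {
  const dept = { name: REPORTED_PAYLOAD };
  const vulnerable = renderDepartmentVulnerable(dept);
  const safe = renderDepartmentSafe(dept);
  console.log('vulnerable:', vulnerable, '\n  tags:', countTags(vulnerable));
  console.log('safe:      ', safe, '\n  tags:', countTags(safe));
}

module.exports = { REPORTED_PAYLOAD, renderDepartmentVulnerable, renderDepartmentSafe, escapeHtml, countTags };
```

Escaping at output time is the fix for this class of bug; rejecting `<` on input would not help here because the name is also reflected into an attribute, where `"` alone is enough to break out. In browser code the equivalent is to set `element.textContent` and `element.setAttribute('title', name)` instead of assigning a concatenated string to `innerHTML`.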
Title Mail.ru: Stored XSS and html injection in biz.mail.ru
Published 2017-09-12T15:45:16
Bounty 250.0 (resolved)
Reference https://hackerone.com/reports/267783