Polymail, Inc.: XSPA on API service endpoint

2019-12-04T21:38:05
ID H1:751625
Type hackerone
Reporter kunal94
Modified 2019-12-07T01:59:54

Description

The batch endpoint on the API was vulnerable to XSPA (cross-site port attack) due to incorrect validation of the url parameter in the request body.
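
One way to validate a caller-supplied url field before a server-side fetch is sketched below. This is an added example, not Polymail's code or its actual fix. The function names, the HTTPS-only and port-443 allowlists, and the sample host names are assumptions, since the report does not describe how the endpoint works.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}  # assumption: batch sub-requests only need HTTPS
ALLOWED_PORTS = {443}        # assumption: callers may not pick the port


def resolve(host):
    """Default resolver: every address the host name maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_batch_url(url, resolver=resolve):
    """Return (ok, reason) for the url field of one batch item."""
    try:
        parts = urlsplit(url)
        # .port raises ValueError for out-of-range or non-numeric ports
        port = parts.port if parts.port is not None else 443
    except ValueError:
        return False, "unparseable url"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username or parts.password or not parts.hostname:
        return False, "bad authority"
    if port not in ALLOWED_PORTS:
        return False, "port not allowed"
    try:
        addrs = resolver(parts.hostname)
    except OSError:
        return False, "resolution failed"
    if not addrs:
        return False, "resolution failed"
    # Reject if ANY resolved address is loopback, private, link-local, etc.
    for addr in addrs:
        if not ipaddress.ip_address(addr.split("%")[0]).is_global:
            return False, "non-public address"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample data: a fake resolver so the demo runs offline.
    table = {"api.example.test": {"93.184.216.34"},
             "intranet.example.test": {"10.0.0.5"}}
    fake = lambda h: table.get(h, {h})
    for u in ("https://api.example.test/v1/x", "https://intranet.example.test/",
              "https://api.example.test:22/", "https://127.0.0.1/"):
        print(u, check_batch_url(u, fake))
```

The check only holds if the fetch then connects to the address that was validated and does not follow redirects without re-checking them; otherwise a second DNS answer or a redirect can still reach an internal port.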