The researcher has found a SSRF vulnerability in the applicationβs image export functionality. The app would take all the html as input and generate an image based on that. By manipulating the html code and adding a src
tag, it was possible to trigger a SSRF.