2 matches found
HackerOne: Possible PII Disclosure via Advanced Vetting Process - ██████
Possible PII disclosure was identified in the HackerOne Advanced Vetting process. Unauthorized users were able to download a CSV file containing the names, usernames, and other personal details of users who had accepted the Advanced Vetting terms. The issue was observed in a sandboxed program, bu...
HackerOne: Stored Cross-Site Scripting vulnerability in example Custom Digital Agreement
The advanced vetting settings page is vulnerable to a Cross-Site Scripting XSS vulnerability by passing the unsanitized Program Name into a Markdown component, which expects sanitized HTML to be given. This leads to a stored XSS vulnerability that can be exploited by a program member when the...