1 matches found
HackerOne: Content Spoofing via reports
The reportid param simply returns whatever entered , instead of showing report id's only. This can result in content injection in the reports field. For example check this one : http://goo.gl/py2V8j...