2 matches found
User can potentially bypass the processFollow call during the migration process and follow users for free
Lines of code. Vulnerability details. Impact: During a migration process, a user can potentially follow, for free, users that require a fee to be paid upon a follow. Proof of Concept: A malicious user can watch the mempool and wait for the user to migrate his profile to V2. He is specifically watching a...
Vimeo: XSS on vimeo.com/home after other user follows you
Description: If some user follows you on Vimeo, the Name of the user appears in the header of your Home like "Name followed you. The staff posted...". The problem is that the Name is not escaped, which allows HTML code to be inserted. Proof of concept: 1. Using the attacker's account, go to...