Bug Report: Stored HTML Injection
Description: Hello Team,
I discovered a vulnerability where an attacker can execute a stored HTML injection that leads to an open redirect. This issue allows a malicious user to exploit the application by redirecting victims to arbitrary, potentially harmful websites.
Steps to Reproduce:
Navigate to https://support.runbox.com/index.php?/Tickets/
Create a ticket that contains an HTML injection payload
Inject the following HTML code in a comment field: free_reward_is_here
Observe that the HTML injection is executed and the victim will be redirected to evil.com
Impact: This vulnerability has significant security implications:
Phishing & XSS: The attacker can host a phishing page or an XSS attack on the redirected site, potentially compromising the victim's credentials or executing malicious scripts.
This vulnerability allows an attacker to craft a malicious link that, when clicked by a user, redirects them to an external site. This can be exploited to direct users to phishing sites, initiate XSS attacks, or serve other malicious content. The open redirect can be used as a vector to further compromise the user's security by leading them to harmful websites.
Website Defacement: The appearance of the page can be altered, potentially damaging the reputation of the website.
This issue poses a threat to users' security by exposing them to phishing attacks and other malicious activities. Please prioritize the investigation and mitigation of this
Severity: medium
storedhtmlinjection.mp4
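One way to neutralize the reported behaviour when a ticket comment is rendered, as an added example (not code from the application or from the reporter): an allowlist sanitizer that keeps a few formatting tags, discards every attribute except a validated `href`, and reduces links to hosts outside the allowlist to plain text. The tag set, the trusted-host list and the function names are assumptions made for this example.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for this example, not taken from the application:
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p"}
TRUSTED_HOSTS = {"support.runbox.com"}  # hosts a comment may link to

def is_trusted(href):
    try:  # only absolute https links to an allowlisted host pass
        parts = urlsplit(href.strip())
        return parts.scheme == "https" and parts.hostname in TRUSTED_HOSTS
    except ValueError:  # malformed URL
        return False

class CommentSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.stack = []  # (tag, emitted) for each open allowlisted tag

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # drop unknown markup, keep the text inside it
        emitted = True
        if tag == "a":
            href = dict(attrs).get("href") or ""
            emitted = is_trusted(href)
            if emitted:  # re-serialize only the href that was validated
                self.out.append('<a href="%s" rel="noopener noreferrer">'
                                % html.escape(href.strip(), quote=True))
        else:
            self.out.append("<%s>" % tag)  # attributes are discarded
        self.stack.append((tag, emitted))

    def handle_endtag(self, tag):
        if self.stack and self.stack[-1][0] == tag:
            if self.stack.pop()[1]:
                self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(html.escape(data))  # text is always encoded

def sanitize_comment(raw):
    parser = CommentSanitizer()
    parser.feed(raw)
    parser.close()  # flush buffered text, then close tags left open
    parser.out += ["</%s>" % t for t, e in reversed(parser.stack) if e]
    return "".join(parser.out)
```

Applied to a constructed comment such as `<a href="https://evil.com/">free_reward_is_here</a>`, the output is the bare text `free_reward_is_here` with no link, while a link to the allowlisted host is kept with its other attributes removed.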