Insightly - HackerOne Reports
View on HackerOne2
Total Reports
1
Critical
0
High
1
Medium
0
Low
Email verification bypass via request to endpoint "accounts.insightly.com/signup/provisionuser"
Reported by:
akostak
|
Disclosed:
Critical
Weakness: Improper Authorization
returnUrl= allow attacker to redirect users to the another phising website and takeover credientials
Reported by:
basant0x01
|
Disclosed:
Medium
Weakness: Improper Authentication - Generic