HTML Injection through Account Name field on TikTok ads portal being rendered on emails
Low
T
TikTok
Submitted None
Team Summary
Official summary from TikTok
The Account Name field on the TikTok Ads Portal did not have restrictions on HTML tag injections which an attacker could have potentially used for phishing attacks. We thank @nagli for reporting this to our team and confirming the resolution.
Actions:
Reported by
nagli
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Code Injection