Html injection on ██████.informatica.com via search.html?q=1
Medium
Informatica
Submitted None
Team Summary
Official summary from Informatica
Researcher identified an injection vulnerability on a staging website. We responded by fixing the issue on both staging and production instances of the site. We would like to thank the researcher for responsibly disclosing the issue to us.
Reported by
lu3ky-13
Vulnerability Details
Technical details and impact analysis
hello dear
I have found HTML injection on ██████.informatica.com
Injectable parameter: search.html?q=1
URL : https://████████.informatica.com/search.html?q=1%22%3E%3Cimg%20src=https://www.no-gods-no-masters.com/images_designs/anonymous-gandhi-d001001207265.png%3E%E2%80%9D@x.y%20%22
payload : 1"><img src=https://www.no-gods-no-masters.com/images_designs/anonymous-gandhi-d001001207265.png>”@x.y "
https://█████.informatica.com/search.html?q=1%3Ca%20href=%22//bf.am%22%3EWelcome%3C/a%3E
payload : <a href="//bf.am">Welcome</a>
## Impact
Phishing
Abusing other users
Defacing
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Code Injection
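The two payloads in the report land in different output contexts: the first starts with `1">` to close an attribute value, the second is plain markup that renders as element content. The following is an added example, not code from the report or from Informatica, showing the reflected `q` value written back unencoded beside the same template with output encoding. The template, the function names, the host `staging.example` and the image URL `img.example` are assumptions made for illustration.

```javascript
// Added example: encoding a reflected search term before it is written back
// into the page. Template and names are hypothetical, not the site's code.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change HTML parsing state in both
// element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Extract and percent-decode the q parameter, as the page would before rendering.
function queryFromUrl(url) {
  return new URL(url).searchParams.get("q") ?? "";
}

// Vulnerable pattern: q is concatenated into a quoted attribute and into text.
function renderUnsafe(q) {
  return `<input name="q" value="${q}"><p>Results for ${q}</p>`;
}

// Hardened pattern: the same template with q encoded at the point of output.
function renderSafe(q) {
  const encoded = escapeHtml(q);
  return `<input name="q" value="${encoded}"><p>Results for ${encoded}</p>`;
}

// Regression check: count <img> and <a> start tags present in rendered markup.
function injectedTags(html) {
  return (html.match(/<(img|a)\b/gi) || []).length;
}

// Constructed sample requests modelled on the report's two payloads
// (placeholder host and image URL).
const SAMPLE_URLS = [
  "https://staging.example/search.html?q=1%22%3E%3Cimg%20src=https://img.example/x.png%3E",
  "https://staging.example/search.html?q=1%3Ca%20href=%22//bf.am%22%3EWelcome%3C/a%3E",
];

// Render every sample both ways and report how many tags survive in each.
function auditSamples() {
  return SAMPLE_URLS.map((url) => {
    const q = queryFromUrl(url);
    return { q, unsafe: injectedTags(renderUnsafe(q)), safe: injectedTags(renderSafe(q)) };
  });
}

console.log(auditSamples());
```

A tag counter like `injectedTags` works as a regression test for the fix on both staging and production builds; it is not a filter to apply to input.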