SSRF & Blind XSS in Gravatar email
High
Automattic
Team Summary
Official summary from Automattic
Nathan Cavitt (rockybandana) reported a blind XSS issue in the Gravatar service, which was due to incorrect/insufficient sanitization on adding emails to one's profile. The report was of good quality and the issue was fixed within a couple of days of the report.
Reported by: rockybandana
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted
Weakness: Cross-site Scripting (XSS) - Stored