Html injection on subscription email
Medium
C
CS Money
Submitted None
Team Summary
Official summary from CS Money
A flaw in `getresponse` service allowed an attacker to inject HTML code in the `Name` field when subscribing to cs.money newsletter.
Actions:
Reported by
benjamin-mauss
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$300.00
Submitted
Weakness
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)