Stored XSS Via Ads Account Name

Medium

TikTok

Submitted None

Team Summary

Official summary from TikTok

A Stored Cross-Site Scripting (XSS) vulnerability was found in the TikTok Ads account name setup, which could have resulted in the execution of JavaScript code within a user's browser. This vulnerability has been resolved. We thank @rioncool22 for reporting this to our team.

Actions:

View on HackerOne

Reported by rioncool22

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Bounty

$1000.00

Submitted

Weakness

Cross-site Scripting (XSS) - Stored