Reflected HTML Injection via contact (faq) search parameter on ███]=
Medium
Mars
Team Summary
Official summary from Mars
A reflected HTML injection vulnerability is identified in the search parameter of the contact (FAQ) page on ███████. This vulnerability allows for the injection and execution of arbitrary HTML and script code in the context of other users' web browsers. The issue is demonstrated through the successful injection of an HTML anchor tag, which is subsequently reflected in the page's response.
Reported by: the-white-evil
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)