We thank @andresbebe for the report and for providing clear reproduction steps with a proof-of-concept code demonstrating the vulnerability. MercadoLibre acknowledged the issue and worked on a fix internally. A vulnerability has been identified in the Point Smart application where users can navigate outside the intended application environment through a link. This navigation capability potentially allows for the vectorization of phishing attacks.

Actions:

View on HackerOne

Reported by andresbebe

Report Details

Additional information and metadata

State

Closed

Substate

Resolved