HTML Injection in Business Name Parameter in Payapps
Medium
A
Autodesk
Submitted None
Team Summary
Official summary from Autodesk
A HTML injection vulnerability was found in Autodesk Payapps, which could have allowed an attacker to inject arbitrary HTML content in emails sent to users on signup. Autodesk has fixed the vulnerability and we thank @0xsom3a for reporting this issue.
Actions:
Reported by
0xsom3a
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Code Injection