HTML Injection on https://www.mycrypto.com/
MyCrypto
Team Summary
Official summary from MyCrypto
A vulnerability was reported by t-pwn that allowed arbitrary HTML injection via the notifier functionality. After a keystore file was uploaded, the filename would be shown without first sanitizing it. MyCrypto has since fixed our notification to no longer display the unsanitized filename.
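The flaw class described in the summary, shown as an added example that is not MyCrypto's code: a notification built by concatenating an uploaded file's name into markup, beside a version that treats the name as data. The function names, message text and sample file name are assumptions made for illustration.

```javascript
// Added example: hypothetical names and message text, not taken from MyCrypto's code base.

// Escape the five characters that are significant in HTML text and attribute contexts.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the uploaded file's name is concatenated into the notification markup
// as-is, so any markup inside the name becomes part of the page.
function notificationHtmlUnsafe(fileName) {
  return '<div class="notification">Loaded keystore file: ' + fileName + '</div>';
}

// "After": the name is treated as data. It is truncated first and escaped second,
// so truncation can never cut an escape sequence such as "&lt;" in half.
function notificationHtmlSafe(fileName, maxLen = 64) {
  const name = String(fileName);
  const shown = name.length > maxLen ? name.slice(0, maxLen) + '…' : name;
  return '<div class="notification">Loaded keystore file: ' + escapeHtml(shown) + '</div>';
}

// In a browser, the equivalent without string building is to assign the name to the
// notification element's textContent instead of innerHTML.

// Constructed sample: a file name that contains harmless markup.
const sampleName = '<u>UTC--2018-keystore</u>.json';

function demo() {
  return {
    unsafe: notificationHtmlUnsafe(sampleName),
    safe: notificationHtmlSafe(sampleName),
  };
}

console.log(demo());
```
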
Reported by
t-pwn
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Code Injection