Admin Macro Description Stored XSS

Medium
Zendesk
Submitted None

Team Summary

Official summary from Zendesk

A description field only available to account Administrators allowed for unexpected input which could be triggered to execute JavaScript if viewed by lower-level roles under certain circumstances. Thanks to @hariharan21 for their great work!

Reported by hariharan-s

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Cross-site Scripting (XSS) - Stored