HTML Injection in Subscan view in yogeshojha/rengine

Valid

Reported on Apr 25th 2022


Description

HTML code is executed in the Subscan feature.

Proof of Concept

1. Add a scan engine: <h1>HTMLInjection
2. Go to "subdomains" for a target and add a Subscan using the scan engine.
3. Initiate a Subscan
4. View the subscan

Impact

HTML injection.
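
The proof of concept above comes down to a stored scan engine value reaching the Subscan view without output encoding. The following is an added example, not reNgine's code or the merged fix: it shows an unencoded row renderer beside an encoded one, plus a regression check run against the payload from step 1. The function names, the `engineName` and `status` fields, and the assumption that the value entered in step 1 is the engine's name are all hypothetical.

```javascript
// Added example: hypothetical names throughout, not reNgine's code or its merged fix.
// Constructed sample record; engineName is the payload from step 1 of the proof of concept.
const sampleSubscan = { engineName: '<h1>HTMLInjection', status: 'Running' };

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the stored engine name is concatenated into the row markup as-is.
function renderSubscanRowUnsafe(subscan) {
  return '<tr><td>' + subscan.engineName + '</td><td>' + subscan.status + '</td></tr>';
}

// "After": every stored field is encoded at the point of output.
function renderSubscanRowSafe(subscan) {
  return '<tr><td>' + escapeHtml(subscan.engineName) + '</td><td>' +
    escapeHtml(subscan.status) + '</td></tr>';
}

// Regression check: isolate what the renderer emitted for engineName by rendering a
// marker value first, then report whether a raw "<" survived into that cell.
function engineNameRendersAsMarkup(render, subscan) {
  const marker = 'ENGINE_NAME_MARKER';
  const [prefix, suffix] = render({ ...subscan, engineName: marker }).split(marker);
  const html = render(subscan);
  const cell = html.slice(prefix.length, html.length - suffix.length);
  return cell.includes('<');
}

console.log(engineNameRendersAsMarkup(renderSubscanRowUnsafe, sampleSubscan));
console.log(engineNameRendersAsMarkup(renderSubscanRowSafe, sampleSubscan));
console.log(renderSubscanRowSafe(sampleSubscan));
```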

We are processing your report and will contact the yogeshojha/rengine team within 24 hours. a month ago
nerrorsec submitted a
a month ago
Yogesh Ojha validated this vulnerability a month ago
nerrorsec has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Yogesh Ojha confirmed that a fix has been merged on 8f8cc0 a month ago
nerrorsec has been awarded the fix bounty
Yogesh Ojha
a month ago

Maintainer


Thank you!

nerrorsec
a month ago

Researcher


Thanks to you dai for rengiNe 1.1🙂
