HTML Injection in Subscan view in yogeshojha/rengine

Valid

Reported on

Apr 25th 2022

Description

HTML code is executed in the Subscan feature

Proof of Concept

1. Add a scan engine: <h1>HTMLInjection
2. Go to "subdomains" for a target and add a Subscan using the scan engine.
3. Initiate a Subscan
4. View the subscan

Impact

HTML injection,

We are processing your report and will contact the yogeshojha/rengine team within 24 hours. a month ago

nerrorsec submitted a

patch

a month ago

Yogesh Ojha validated this vulnerability a month ago

nerrorsec has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

Yogesh Ojha confirmed that a fix has been merged on 8f8cc0 a month ago

nerrorsec has been awarded the fix bounty

Yogesh Ojha

commented a month ago

Maintainer

Thank you!

nerrorsec

commented a month ago

Researcher

Thanks to you dai for rengiNe 1.1🙂

to join this conversation

We are processing your report and will contact the yogeshojha/rengine team within 24 hours. a month ago

nerrorsec submitted a

patch

a month ago

Yogesh Ojha validated this vulnerability a month ago

nerrorsec has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

Yogesh Ojha confirmed that a fix has been merged on 8f8cc0 a month ago

nerrorsec has been awarded the fix bounty

Yogesh Ojha

commented a month ago

Maintainer

Thank you!

nerrorsec

commented a month ago

Researcher

Thanks to you dai for rengiNe 1.1🙂

to join this conversation