HTML Injection in Subscan view in yogeshojha/rengine

Valid

Reported on

Apr 25th 2022


Description

HTML code is executed in the Subscan feature

Proof of Concept

1. Add a scan engine: <h1>HTMLInjection
2. Go to "subdomains" for a target and add a Subscan using the scan engine.
3. Initiate a Subscan
4. View the subscan

Impact

HTML injection.
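The flaw class behind the steps above, next to its output-escaped form and a regression check, as an added example. This is not reNgine's code and not the merged fix; the function names and the table-row layout are hypothetical, and the sample names are constructed except for the payload from step 1.

```python
import html
from html.parser import HTMLParser

# Constructed sample of stored scan engine names; the second entry is the
# payload from step 1 of the proof of concept.
ENGINE_NAMES = ["Full Scan", "<h1>HTMLInjection"]


def render_row_unsafe(engine_name: str, status: str) -> str:
    """Flawed pattern: a stored value is interpolated into markup as-is."""
    return f"<tr><td>{engine_name}</td><td>{status}</td></tr>"


def render_row_safe(engine_name: str, status: str) -> str:
    """Hardened pattern: every stored value is escaped at output time."""
    name = html.escape(engine_name, quote=True)
    state = html.escape(status, quote=True)
    return f"<tr><td>{name}</td><td>{state}</td></tr>"


class _TagCollector(HTMLParser):
    """Records each start tag a browser-like parser finds in a fragment."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def unexpected_tags(fragment: str, allowed=("tr", "td")) -> list:
    """Regression check: tags in rendered output that the template
    (assumed here to emit only <tr>/<td>) did not put there."""
    parser = _TagCollector()
    parser.feed(fragment)
    parser.close()
    return [t for t in parser.tags if t not in allowed]


def names_with_markup(names) -> list:
    """Audit helper: stored names that change when HTML-escaped."""
    return [n for n in names if html.escape(n, quote=True) != n]


if __name__ == "__main__":
    for name in ENGINE_NAMES:
        print(repr(name), unexpected_tags(render_row_unsafe(name, "running")),
              unexpected_tags(render_row_safe(name, "running")))
```

Running `unexpected_tags` over a view's rendered output in a test suite catches the same class of regression for any field that carries user-supplied text.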

nerrorsec submitted a
2 months ago
Yogesh Ojha validated this vulnerability 2 months ago
nerrorsec has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Yogesh Ojha confirmed that a fix has been merged on 8f8cc0 2 months ago
nerrorsec has been awarded the fix bounty
Yogesh Ojha
2 months ago

Maintainer


Thank you!

nerrorsec
2 months ago

Researcher


Thanks to you dai for reNgine 1.1🙂
