HTML Injection in Subscan view in yogeshojha/rengine

Valid

Reported on

Apr 25th 2022


Description

HTML code is executed in the Subscan feature

Proof of Concept

1. Add a scan engine: <h1>HTMLInjection
2. Go to "subdomains" for a target and add a Subscan using the scan engine.
3. Initiate a Subscan
4. View the subscan

Impact

HTML injection.
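Added example (not part of the original report and not reNgine's own code): the unescaped-output pattern behind this class of bug next to its escaped form, with a parser-based check that flags any element the template itself did not emit. The row templates, function names and the subdomain value are assumptions made for illustration; only the payload string comes from step 1 above.

```python
import html
from html.parser import HTMLParser

# Payload taken from step 1 of the report; everything else is constructed.
PAYLOAD = "<h1>HTMLInjection"
ALLOWED_TAGS = {"tr", "td"}  # the only elements the hypothetical template emits


def render_row_unsafe(engine_name: str, subdomain: str) -> str:
    """Vulnerable pattern: stored text concatenated straight into markup."""
    return f"<tr><td>{subdomain}</td><td>{engine_name}</td></tr>"


def render_row_safe(engine_name: str, subdomain: str) -> str:
    """Hardened pattern: every stored value is HTML-escaped on output."""
    return (f"<tr><td>{html.escape(subdomain)}</td>"
            f"<td>{html.escape(engine_name)}</td></tr>")


class _Collector(HTMLParser):
    """Records start tags and text nodes roughly as a browser would see them."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def _parse(fragment: str) -> _Collector:
    parser = _Collector()
    parser.feed(fragment)
    parser.close()
    return parser


def injected_tags(fragment: str) -> list:
    """Return tags in a rendered fragment that the template did not emit."""
    return [t for t in _parse(fragment).tags if t not in ALLOWED_TAGS]


def visible_text(fragment: str) -> str:
    """Return the text content of the fragment with entities decoded."""
    return "".join(_parse(fragment).text)


if __name__ == "__main__":
    for render in (render_row_unsafe, render_row_safe):
        out = render(PAYLOAD, "app.example.com")
        print(render.__name__, injected_tags(out), repr(visible_text(out)))
```

The same `injected_tags` check can serve as a regression test over any rendered view that displays user-supplied names.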

We are processing your report and will contact the yogeshojha/rengine team within 24 hours. 2 years ago
Yogesh Ojha validated this vulnerability 2 years ago
nerrorsec has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Yogesh Ojha marked this as fixed in 1.1.0 with commit 8f8cc0 2 years ago
Niraj Khatiwada has been awarded the fix bounty
Yogesh Ojha
2 years ago

Maintainer


Thank you!

Niraj Khatiwada
2 years ago

Researcher


Thanks to you dai for rengiNe 1.1🙂
