Summary by customer
We are working on a complete fix.
Can we disclose?
https://withpersona.com
Web App
https://app.withpersona.com/
Hi team,
I found a vulnerability on https://app.withpersona.com/
Steps to reproduce:

1. Navigate to https://app.withpersona.com -> Inquiries -> All inquiries
2. Click on Create inquiry
3. Enable "Send email to recipient" and click on Create inquiry again
4. Input the victim's email and all other information
5. In the body, input this payload and send

Payload:

```html
<a href=google.com>click</a>
<img src="https://wallpapercave.com/wp/wp1836582.jpg">
```

Impact: HTML injection
Watch the video PoC for better understanding: ![simplescreenrecorder-2022-04-07_13.32.28.mkv](https://bugcrowd.com/persona-bb/submissions/bf516ee1f46098e1f4bdeffb000b7953f590c3a7a24c0544c12eaacef4bcbf59/attachments/c3fec00e-5a7b-4579-b430-7f2ddbeb19cc "simplescreenrecorder-2022-04-07_13.32.28.mkv")
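
The fix for this class of issue is to escape sender-supplied text before it is placed in the HTML part of the outgoing mail. The following is an added example, not part of the report and not Persona's code; the template, function names and recipient address are assumptions, and the payload from the report is reused as test input.

```python
import html
from email.message import EmailMessage
from html.parser import HTMLParser

# Payload quoted in the report above, reused here as sample input.
REPORTED_BODY = ('<a href=google.com>click</a>\n'
                 '<img src="https://wallpapercave.com/wp/wp1836582.jpg">')

# Hypothetical notification template (assumption, not the real one).
TEMPLATE = "<html><body><p>You have a new inquiry.</p><div>{body}</div></body></html>"


def render_unsafe(body: str) -> str:
    """Vulnerable pattern: sender-controlled text is pasted into the HTML as-is."""
    return TEMPLATE.format(body=body)


def render_safe(body: str) -> str:
    """Escape markup characters first, then add the only tag we generate ourselves."""
    escaped = html.escape(body, quote=True)
    return TEMPLATE.format(body=escaped.replace("\n", "<br>"))


class TagCollector(HTMLParser):
    """Records every element an HTML parser sees in the rendered mail."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(document: str) -> list:
    """Return tags in the rendered mail that the template itself never emits."""
    collector = TagCollector()
    collector.feed(document)
    collector.close()
    allowed = {"html", "body", "p", "div", "br"}
    return [t for t in collector.tags if t not in allowed]


def build_message(recipient: str, body: str) -> EmailMessage:
    """Hypothetical sender: raw text in the plain part, escaped text in the HTML part."""
    msg = EmailMessage()
    msg["To"] = recipient
    msg["Subject"] = "New inquiry"
    msg.set_content(body)
    msg.add_alternative(render_safe(body), subtype="html")
    return msg
```

`injected_tags` can double as a regression check in the mail-rendering test suite: any tag outside the template's own set means user input reached the HTML part unescaped.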