I found a text injection

Disclosed by
Orange_hacker
  • Program: Cisco Meraki
  • Disclosed date: about 1 year ago
  • Priority: P5 (Bugcrowd's VRT priority rating)
  • Status: Informational (this vulnerability is seen as an accepted business risk)
Summary by Cisco Meraki

Hello Orange Hacker -
First and foremost, we thank you again for reporting this issue to us.

We have carefully reviewed your submission and engaged our development team to have a closer look. It was determined that the web page mentioned in your reports shows the expected behaviour for a web page displaying search results. Please feel free to disclose your findings.

We hope you continue to engage in our program.

Once again, thank you,
Eugenio @ Meraki

Summary by Orange_hacker

I found a text injection

Steps to reproduce:
1. Open the browser
2. Open the website
3. Edit the URL as shown: https://meraki.cisco.com/?s=
4. After = enter the below in the URL
5. Text injection

Impact:
An attacker can use a text injection vulnerability to present a customized message on the application that can phish users into believing that the message is legitimate. The intent is typically to trick victims, although sometimes the actual purpose may be to simply misrepresent the organization or an individual.

Report details
  • Submitted

  • Target Location: *.meraki.com
  • Target category: Web App
  • VRT: Server-Side Injection > Content Spoofing > Text Injection
  • Priority: P5
  • Bug URL: https://meraki.cisco.com/?s=Text%20injection
