*.kucoin.com
Dear kucoin Security Team, I am writing to bring to your attention a potential security vulnerability that I have identified involving HTML/CSS injection on the page https://hackenproof.com/redirect?url=https://kucoin.zendesk.com/hc/en-us/requests/new. Upon thorough examination, it has come to my attention that this vulnerability allows for the injection of HTML/CSS tags, presenting a risk of unauthorized actions being carried out by malicious actors.
I understand that support.kucoin.com is considered out of scope, but I reported it because it affects the entire company, not just the domain. The use of company email to send malicious code has an impact on the reputation of the entire company.
Steps to Reproduce:
request[description_mimetype] parameter from text/plain to text/html.
Your Account has been suspended you should change your password From Here <a href=https://evil.com>change password</a>
Your request (3877760) has been updated. If you need to add additional comments, reply to this email.
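The fix for the behaviour reported above belongs on the server: the client-supplied request[description_mimetype] value must not decide whether a ticket description is embedded as markup in an outbound email. The following is an added example, not code from the report, KuCoin or Zendesk; the function name render_description_for_email, the submitter_trusted flag and the tag allowlist are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Assumed policy: formatting tags only. No <a>, <img>, <style>, and no attributes at all.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "ul", "ol", "li"}


class _AllowlistSanitizer(HTMLParser):
    """Re-emits only allowlisted tags (attributes dropped) and escapes all text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")  # attrs such as href/style are discarded

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data))


def render_description_for_email(description, client_mimetype, submitter_trusted=False):
    """Return the HTML fragment to place in the notification email body.

    client_mimetype is what the form sent in request[description_mimetype].
    It is honoured only for submitters the server already trusts (hypothetical
    flag, e.g. an authenticated agent); everyone else is rendered as plain text.
    """
    if client_mimetype == "text/html" and submitter_trusted:
        sanitizer = _AllowlistSanitizer()
        sanitizer.feed(description)
        sanitizer.close()
        return "".join(sanitizer.out)
    # Anonymous or untrusted submitter: the declared mimetype is ignored.
    return html.escape(description, quote=True)


# Description text taken from the report's reproduction step.
REPORTED_INPUT = ("Your Account has been suspended you should change your password "
                  "From Here <a href=https://evil.com>change password</a>")

if __name__ == "__main__":
    print(render_description_for_email(REPORTED_INPUT, "text/html"))
    print(render_description_for_email(REPORTED_INPUT, "text/html", submitter_trusted=True))
```
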