Content spoofing в http://my.mail.ru/cgi-bin/app/paymentm
Discovered by page1337 on Mailru

This issue took 0 Days and 14 hours to triage and 1411 Days and 22 hours to resolve once triaged.



Text injection into <a title="http://my.mail.ru/cgi-bin/app/paymentm&quot; href="/redirect?signature=c3d17a3d037a7aae0230f234f208ddc9232a2f6c&amp;url=http%3A%2F%2Fmy.mail.ru%2Fcgi-bin%2Fapp%2Fpaymentm" target="_blank" rel="nofollow noopener noreferrer"><span>http://my.mail.ru/cgi-bin/app/paymentm&lt;/span&gt;&lt;i class="icon-external-link"></i></a> could assist phishing attack.

Under current practice, text injection reports are only accepted as an exeption, for vectors with high potential for phishing attacks in-the-wild.