[DISCLOSURE] DoorDash Enabled 5-Year XSS/HTML Injection Flaw via Official Email; VDP Misclassified Report for 15 Months

The vulnerability was a critical stored HTML Injection that allowed any free account to send zero-barrier phishing emails from the trusted [no-reply@doordash.com](mailto:no-reply@doordash.com) domain. The flaw existed for 5 years and was kept out of DoorDash's hands for 15 months by a misclassification in the HackerOne VDP process.

submitted by /u/east0n12