Harinder S.

Chandigarh, India
4K followers 500+ connections

Honors & Awards

  • CVE-2024-47826

    https://github.com/elabftw/

    Impact
    This vulnerability allows an attacker to inject arbitrary HTML tags in the pages: "experiments.php" (show mode), "database.php" (show mode) or "search.php". It works by providing HTML code in the extended search string, which will then be displayed back to the user in the error message.

    This means that injected HTML will appear in a red "alert/danger" box, and be part of an error message. Due to some other security measures, it is not possible to execute arbitrary javascript from this attack.

    As such, this attack is deemed low impact.

    Patches
    Users should upgrade to at least version 5.1.5.

    Workarounds
    No workarounds, only upgrade.

    References
    Description of HTML Injection: https://www.acunetix.com/vulnerabilities/web/html-injection/

  • Bounty from INDMoney

    INDMoney

    https://drive.google.com/file/d/1JNEw2rvcBJMpHAxgCmo3ENq7K_6QtjZs/view?usp=sharing

  • Bounty from Mozilla Firefox

    Mozilla

  • Letter of Appreciation from verizon.com

    verizon.com

  • Letter of Appreciation from buyerlink.com

    buyerlink.com

  • AEM XSS on hyundaiusa.com

    hyundaiusa.com

  • Appreciation and 1 month free subscription on roll20.net

    roll20.net

  • Appreciation from cbs.nl

    cbs.nl

  • Voucher from Times Prime

    timesprime.com

    Voucher for reporting Vulnerability.

  • 1 Year Subscription Gift Card and Appreciation from JetBrains

    jetbrains.com

  • Acknowledgement from Basf.com

    basf.com

    responsible-disclosure@basf.com

  • Acknowledgment from TeamViewer

    teamviewer.com

  • Appreciation from Canon

    canon.com

    Canon

  • Appreciation from dlink.com

    security@dlink.com

  • Appreciation from square-enix.com

    square-enix.com

    DPO@eu.square-enix.com

  • Hall of Fame from evri.com

    https://www.evri.com/responsible-disclosure-policy

  • Hall of Fame from phenom.com

    phenom.com

    cybersecurity@phenompeople.com

  • Acknowledgment from McAfee

    mcafee.com

    https://www.mcafee.com/support/?page=shell&shell=article-view&locale=en-US&articleId=TS102504

  • Acknowledgment from Infoblox.com

    Infoblox.com

    https://www.infoblox.com/company/legal/vulnerability-responsible-disclosure-policy/

  • Letter of Appreciation from Dutch Tax and Customs Administration

    Dutch Tax and Customs Administration

  • HOF and Swag from BugXS

    Bugxs.co

  • Swag from Dutch Judiciary

    rechtspraak.nl

  • Swag from hetwaterschapshuis.nl

    cert@hetwaterschapshuis.nl

  • Swag from urban.io

    urban.io

    vulnerabilities@urban.io

  • Swag from Stackhawk.com

    Stackhawk.com

  • Thank you mail from barco.com

    barco.com

  • Thank you mail from deutschebahn.com

    deutschebahn.com

  • Thank you mail from dnanexus.com

    security@dnanexus.com

  • Hall of Fame and Swag

    https://www.geocod.io/responsible-disclosure-policy/#hall-of-fame

  • Swag from Internet.nl

    internet.nl

  • Thank you mail for Finding SSRF on EA Games

    https://www.ea.com/security/disclosure

  • Appreciation mail from airbaltic.com

    airbaltic.com

  • Appreciation from Unive.nl

    https://www.unive.nl/kwetsbaarheid-melden

  • Letter of Appreciation from Weaveworks

    Weaveworks

    Weave.works

  • Bosch Hall of Fame

    Bosch

    https://psirt.bosch.com/hall-of-fame/websites-hall-of-fame.html

  • Hall of Fame and Letter of Appreciation from DSPH

    dsph.org

  • Hall of Fame from Telefónica Germany

    https://bugcrowd.com/telefonicavdp

  • Spotlight Award

    FIS

    This is provided by the FIS RISC Team to the team member whom they believe contributed the most to their success journey.
    I was organized, efficient and I worked hard on the right things.

  • Reward and Swag from Zerocopter

    Zerocopter

    Zerocopter.com

  • Hall of Fame from Rackspace.com

    https://www.rackspace.com/information/legal/rsdp

  • Letter of Appreciation from Takealot

    https://www.takealot.com/help/responsible-disclosure-policy

  • Swag from Dutch Government

    https://www.government.nl/topics/cybercrime/fighting-cybercrime-in-the-netherlands/responsible-disclosure

    Reflected XSS

  • Swag from MongoDB

    Mongodb

    www.mongodb.com

  • Swag from MongoDB

    https://www.mongodb.com/security

  • Acknowledgement Mail from Audi Marin

    https://www.audimarin.com/responsible-disclosure.htm

  • Acknowledgement Mail from Red-Gate

    https://www.red-gate.com/support/security

  • Hall of Fame Citi Bank(Bugcrowd)

    Citi Bank

  • Hall of Fame from Knaw.nl

    https://www.knaw.nl/en/topnavigatie/contact/responsible-disclosure-2013-hall-of-fame

  • Hall of Fame from Proofpoint

    https://www.proofpoint.com/security

  • Hall of Fame from Thumbtack.com

    https://help.thumbtack.com/article/responsible-disclosure-policy

  • Hall of Fame from Vice.com

    https://www.vice.com/en/page/vice-responsible-disclosure-policy

  • Hall of Fame from Cyso.com

    https://cyso.com/en/about/legal/cyso-wall-of-fame/

  • Thank you mail from Apache.org

    https://www.apache.org/security/

    Found XSS

  • Thank you mail from Apache.org

    https://www.apache.org/security/

    Found XSS

  • Thank you mail from remote.com

    remote.com

    Found information disclosure (log details leaked through endpoints)

  • Acknowledgement Mail from ebanx.com

    ebanx.com

  • Hall of Fame from Drupal.org

    https://www.drupal.org/drupalorg/docs/build/drupalorg-bug-bounty-program#s-thank-you-for-reporting-drupalorg-issues

  • Hall of Fame from easysoftwaredeployment.nl

    easysoftwaredeployment.nl

  • Reward from Centralbank.net

    centralbank.net

  • Reward from Platform161.com

    Platform161.com

    Rewarded Twice

  • Acknowledgement Mail from Safesend

    http://www.safesend.com/

  • Acknowledgement Mail from Drupal.org

    https://lists.drupal.org/mailman/listinfo/security

  • Acknowledgement Mail from Redislabs.com

    redislabs.com

  • Acknowledgment Mail from Zetetic.net

    https://www.zetetic.net/security/

  • Appreciation Mail from York.gov.uk

    https://www.york.gov.uk/security

  • Hall of Fame from Redhat.com

    https://access.redhat.com/articles/66234

  • Hall of Fame from Wärtsilä

    https://www.wartsila.com/contact/report-vulnerability/hall-of-thanks

  • Hall of Fame from Yesware.com

    https://www.yesware.com/security/

  • Valid Bug for Adobe

    Hackerone

    https://www.adobe.com/trust/security.html

  • Acknowledgement Mail from thethingsnetwork.org

    https://www.thethingsnetwork.org/responsible-disclosure

  • Acknowledgement Mail from Cisco

    Cisco

    Cisco.com

  • Acknowledgement Mail from Dentsu

    Dentsu.com

    https://www.dentsu.com/policies/responsible-disclosure-policy

  • Acknowledgement Mail from Synaptics

    Synaptics

    https://www.displaylink.com/contact/security

  • Acknowledgement Mail from thethingsindustries.com

    thethingsindustries.com

  • Acknowledgement mail from ebanx.com

    ebanx.com

  • Acknowledgement Certificate from Avast

    Avast

    https://www.avast.com/security

  • Acknowledgment Mail for Reporting 3 Security Issues from NASA

    https://www.nasa.gov/vulnerability-disclosure-policy/

  • Appreciation Letter and Hall of Fame from Conclusion.nl

    Conclusion.nl

    https://www.conclusion.nl/kleine-lettertjes/responsible-disclosure

  • Appreciation Mail and Acknowledgement Letter from RU.nl

    ru.nl

    https://www.ru.nl/publish/pages/894333/responsible_disclosure.pdf

  • Appreciation Mail from Flightradar24.com

    Flightradar24.com

  • Appreciation Mail from Flightradar24

    Flightradar24

  • Appreciation Mail from Marklogic

    https://www.marklogic.com/security-reporting/

  • Hall of Fame from Blackberry

    Blackberry

    https://www.blackberry.com/us/en/services/blackberry-incident-response-team

  • Hall of Fame from Forward.de

    Forward.de

    https://www.burda-forward.de/en/security/

  • Hall of Fame from GE HealthCare

    https://www.gehealthcare.com/security/cvd/thanks

  • Hall of Fame from Honeywell

    https://www.honeywell.com/us/en/product-security

  • Hall of Fame from Hostbill

    https://hostbillapp.com/responsible-disclosure

  • Hall of Fame from Meredith(Hackerone)

    Hackerone

    Private Hackerone Program

  • Hall of Fame from Pusher

    Pusher

    https://pusher.com/security

  • Hall of Fame from SAP

    https://wiki.scn.sap.com/wiki/display/PSR/Acknowledgments+to+Security+Researchers#:~:text=Acknowledgments%20to%20Security%20Researchers&text=The%20SAP%20Product%20Security%20Response,'%20and%20partners'%20SAP%20systems.

  • Hall of Fame from Stkkr.nl

    https://stkkr.nl/responsible-disclosure/hall-of-fame/

  • Hall of Fame from UU.nl

    https://www.uu.nl/en/organisation/information-and-technology-services-its/hall-of-fame-responsible-disclosure

  • Hall of fame from Osisoft

    Osisoft

    https://pisquare.osisoft.com/s/Blog-Detail/a8r1I000000GvYlQAK/hall-of-thanks

  • Hall of fame from wur.nl

    https://www.wur.nl/en/Value-Creation-Cooperation/Information-security.htm

  • Reward from Leaseweb

    leaseweb.com

    www.leaseweb.com

  • Reward from ZTE.com

    ZTE.com

  • Acknowledgement from icsi.co.uk

    icsi.co.uk

  • Acknowledgment Mails from NCIIPC (100)

    https://nciipc.gov.in/RVDP.html

  • Hall of Fame by Lumc.nl

    https://www.lumc.nl/1374429

  • Hall of Fame from Apnic

    Apnic.Net

    https://www.apnic.net/community/security/apnic-vulnerability-reporting-program/

    Reported 2 security issues

  • Hall of Fame from Resmed

    Resmed.com

    https://www.resmed.com/en-us/security/

  • Hall of Fame from bournemouth.ac.uk

    bournemouth.ac.uk

    https://cert.bournemouth.ac.uk/hall-of-fame/

  • Hall of fame from Rollbar

    https://docs.rollbar.com/docs/responsible-disclosure-policy#contributors

  • Acknowledgement Letter from Huawei

    Huawei

    Letter of Appreciation for reporting 3 bugs ethically

  • Acknowledgement Mail from Vodafone

    Vodafone

    Reported 4 Valid Bugs

  • Appreciation and Reward from Nike

    Nike

    Appreciation and Reward

  • Appreciation from Korewireless

    https://www.korewireless.com/responsible-disclosure-policy

    They don't have a bug bounty program, but they appreciate the hard work.

  • Appreciation from Acer

    Acer.com

    Appreciation for Reporting bugs and making their site more secure.

  • Appreciation from NXP

    www.nxp.com

    Offered Appreciation and Gratitude

  • Hall Of Fame Google

    Google

    https://www.google.com/about/appsecurity/hall-of-fame/archive/

  • Hall Of Fame from FineFriends.social

    FineFriends.social

    https://finefriends.social/security/hof

  • Hall of Fame Asus

    Asus

    Hall of Fame on Asus

  • Hall of Fame Broadcom

    https://www.broadcom.com

    https://www.broadcom.com/support/security-center/security-thanks

  • Hall of Fame Knb.nl

    Knb.nl

    https://www.knb.nl/responsible-disclosure-hall-of-fame

  • Hall of Fame Philips

    Philips

    Hall of Fame for reporting 5 bugs ethically.
    https://www.philips.com/a-w/security/coordinated-vulnerability-disclosure/hall-of-honors.html

  • Hall of Fame Springer Nature 

    Springer Nature 

    https://www.springernature.com/gp/info/disclosure

  • Hall of Fame T-Mobile.com

    T-Mobile.com

    https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/acknowledgements-358300

  • Hall of Fame T-Mobile.cz

    T-Mobile.cz

    https://www.t-mobile.cz/bug-bounty/zed-slavy/

    Reported 4 valid bugs

  • Hall of Fame from Inflectra.com

    inflectra.com

    https://www.inflectra.com/Company/Responsible-Disclosure.aspx

  • Hall of Fame from United Nations

    United Nations (UN)

    https://unite.un.org/content/hall-fame
    Name added twice

  • Hall of Fame from Veriff

    Veriff

    Hall of Fame from Veriff.com

  • Hall of fame from T-Mobile.sk

    T-Mobile.sk

    https://www.telekom.sk/wiki/ostatne/program-bug-bounty

  • Letter of Appreciation from HTC

    HTC

    Letter of Appreciation for submitting 2 bugs ethically.

  • Letter of Recognition NS1.com

    NS1.com

    Letter of Appreciation and Swag

  • Reward from Abnamro

    Abnamro.nl

    Rewarded for reporting bugs on their website ethically.

  • Reward from Channable.com

    channable.com

    Reward from channable.com

  • Reward from LeaseWeb

    Leaseweb

    Rewarded in €€€ for reporting a security issue on LeaseWeb ethically.

  • Reward from Sociality.io

    Sociality.io

    Reward from Sociality.io

  • Appreciation from Gasunie

    -

    Letter of Appreciation from gasunie.nl for reporting 2 severe bugs ethically on their website twice.

  • Hall of Fame from Flipkart

    Flipkart

    Hall of Fame from Flipkart

  • Letter of Appreciation Channable

    Channable Security Team

    Letter of Appreciation and bounty for reporting a bug on their website ethically.

  • Acknowledgement Mail from Daimler

    Daimler

    https://www.daimler.com/whitehat/

  • Acknowledgement Mail from fendi.com

    https://www.fendi.com/us/info/legal-area/responsible-disclosure-policy

  • Acknowledgement from iex.ec

    infra@iex.ec

  • Appreciation Letter from Rowan University

    https://support.rowan.edu/sp?id=kb_article_view&sys_kb_id=4ba47ee4dbda6700c262fbec0f96199b#:~:text=Where%20do%20I%20report%20security,edu%20and%20click%20Get%20Help.

  • Hall of Fame from Medal TV

    Medal TV

    https://megacool.medal.tv/security

  • Hall of Fame from Powerassist.nl

    https://www.powerassist.nl/security-hall-of-fame

    Hall of Fame from Powerassist.nl

  • Hall of Fame from Stedin.net

    Stedin.net

    https://www.stedin.net/responsible-disclosure/gemelde-en-opgeloste-kwetsbaarheden

  • Hall of Fame from Trendmicro

    https://success.trendmicro.com/vulnerability-response

  • Hall of Fame from edas.info

    https://edas.info/doc/disclosure.html

  • Hall of Fame from fountain.com

    https://www.fountain.com/security

  • Hall of Fame from mmc.nl

    https://mmc.nl

    Hall of Fame from https://mmc.nl

  • Reward from Redwolf

    Redwolf.in

  • Swag from Centr.org

    Centr.org

    centr.org

  • Thank you mail from Leiden.nl

    https://gemeente.leiden.nl/responsible-disclosure/
