500$ From Meta by reporting a HTMLi(Accidental Bug)

A.R Maheer
2 min readAug 16, 2024

--

This is maybe the shortest article on my medium blog, this is all about a simple “HTMLi on Messenger Group (Nickname)”.

While casually looking through our community group, I unintentionally tapped on a message. Like always, Messenger revealed the names of those who had read it. One name in the ‘seen’ list stood out as it was noticeably larger than the rest. Initially, I dismissed it as a glitch. However, when I checked the nicknames in the group chat, I discovered that the name displayed in an unusually large font on the ‘seen’ list was actually written in an H1 HTML tag. It wasn’t a glitch; HTML code was being executed within the list of people who had seen the message.

I was unable to show much impact as this was only executing one way, with some restrictions, as i reported meta, they took 14 day to resolve the bug.

Thanks for reading.

--

--