Cross Site Scripting (XSS) Report #2
- Summary of the issue (title of the post)
It is a cross-site scripting bug (XSS).
- Overview of the bug (description):
By entering malicious code, an attacker can gain information about someone's account.
- Steps to reproduce:
1. You need a premium account.
2. Go to Reports -> Then go to Create folder.
3. In the Create folder menu, name the folder
<script>alert("XSS")</script>
and then click on create.
4. Go back to reports and open a random report.
5. You will get an XSS alert.
- Reproduction rate (Every time? Sometimes?):
Can be reproduced every time.
- Browser and Version:
I am using Mozilla Firefox, 33.1.1 (latest version)
- Visual Reference if available (Screenshot) please put them in a spoiler.:
Image 1. http://i.imgur.com/YUPHW6z.png
Image 2. http://i.imgur.com/Ti9Oga0.png
And then, when opening a random report: http://i.imgur.com/iNSZUXa.jpg
- Player name and market for rewards:
Name: qwzky
Market: .ro
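
An added example, not part of the original report and not the game's code: the folder name from step 3 rendered by a hypothetical template with and without output encoding, plus a regression check that flags any renderer that lets tags from a folder name reach the page. The function names, the `<li>` markup and the sample folder list are assumptions.

```javascript
// Assumption: the reports page builds its folder list by string
// concatenation; the real template is not shown in the report.

// Encode the characters that are significant in HTML text and
// quoted-attribute contexts.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before" (hypothetical): the stored folder name goes into markup as-is.
function renderFolderUnsafe(folder) {
  return `<li title="${folder.name}">${folder.name}</li>`;
}

// "After": the name is encoded at output time, in both contexts it appears in.
function renderFolderSafe(folder) {
  const name = escapeHtml(folder.name);
  return `<li title="${name}">${name}</li>`;
}

// List the tag names that appear in a rendered fragment.
function tagNames(html) {
  return (html.match(/<\/?[a-zA-Z][^\s>\/]*/g) || [])
    .map((t) => t.replace(/^<\/?/, "").toLowerCase());
}

// A folder row may contain only the tag the template itself emits.
function rendersOnlyTemplateTags(render, folder) {
  return tagNames(render(folder)).every((t) => t === "li");
}

// Constructed sample data: two benign names and the name from the report.
const sampleFolders = [
  { name: "Attacks" },
  { name: 'Tom & "Jerry"' },
  { name: '<script>alert("XSS")</script>' },
];

// Return the folder names for which a renderer emits unexpected tags.
function auditRenderer(render) {
  return sampleFolders
    .filter((f) => !rendersOnlyTemplateTags(render, f))
    .map((f) => f.name);
}
```

`auditRenderer` can run as a unit test against whichever function renders folder names, so a later template change that drops the encoding fails the build.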