Cross Site Scripting (XSS) Report #2

DeletedUser

Guest
  1. Summary of the issue (title of the post)

    It is a cross-site scripting bug (XSS).

  2. Overview of the bug (description):

    By entering malicious code, an attacker can gain information about someone's account.
  3. Steps to reproduce:

    1. You need a premium account.
    2. Go to Reports -> Then go to Create folder.
    3. In the Create folder menu, name the folder
    <script>alert("XSS")</script>
    and then click on create.
    4. Go back to reports and open a random report.
    5. You will get an XSS alert.
  4. Reproduction rate (Every time? Sometimes?):

    Can be reproduced every time.
  5. Browser and Version:

    I am using Mozilla Firefox, 33.1.1 (latest version)
  6. Visual Reference if available (Screenshot) please put them in a spoiler.:

    Image 1. http://i.imgur.com/YUPHW6z.png
    Image 2. http://i.imgur.com/Ti9Oga0.png
    And then, when opening a random report: http://i.imgur.com/iNSZUXa.jpg
  7. Player name and market for rewards:
    Name: qwzky
    Market: .ro
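
The report above describes a folder name that is saved as typed and later written into the reports page as markup. As an added example (not part of the original post and not the game's code; the function names, folder objects and URL are hypothetical), this shows that rendering pattern beside an output-encoded version:

```javascript
// Added example; all names here are hypothetical, not the game's code.

// Constructed sample data: folder names as a user could have saved them.
const folders = [
  { id: 1, name: 'Attacks' },
  { id: 2, name: '<script>alert("XSS")</script>' }, // name used in the report
];

// Vulnerable pattern: the stored name is concatenated into markup unchanged,
// so the browser parses it as HTML whenever the folder list is shown.
function renderFolderListUnsafe(list) {
  return '<ul>' + list.map(f =>
    `<li><a href="/reports?folder=${f.id}">${f.name}</a></li>`).join('') + '</ul>';
}

// Escape the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, ch => map[ch]);
}

// Hardened: encode at output time, so names stored before the fix are
// also displayed as text rather than parsed as markup.
function renderFolderListSafe(list) {
  return '<ul>' + list.map(f =>
    `<li><a href="/reports?folder=${encodeURIComponent(f.id)}">${escapeHtml(f.name)}</a></li>`
  ).join('') + '</ul>';
}

// Defence in depth at creation time: reject names containing markup characters.
// The 32-character limit is an assumed value for illustration.
function isAcceptableFolderName(name) {
  return typeof name === 'string' && name.length >= 1 && name.length <= 32 &&
    !/[<>"'&]/.test(name);
}

console.log(renderFolderListUnsafe(folders));
console.log(renderFolderListSafe(folders));
```

Input validation alone would not cover folder names that were already stored, which is why the encoding is applied where the name is rendered.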
 