Cross Site Scripting (XSS) Report #5

[DeletedUser]

1. Summary of the issue (title of the post)
   
   It is an cross site scripting bug (XSS).
   
2. Overview of the bug (description):
   
   By entering a malicious code, an attacker can gain informations about someone's account.
   
3. Steps to reproduce:
   
   1. You need an Account Manager ( + a Premium account);
   2. Go to Overviews - > Account Manager;
   3. Go to the Constructions tab;
   4. Click on Manage Template;
   5. In the Template Name tab write

   <script>alert("XSS")</script>

   and click Create.
   6. An XSS alert will pop-up.
   
4. Reproduction rate (Every time? Sometimes?):
   
   Every time.
   
5. Browser and Version:
   
   Mozzila Firefox, 33.1.1 (latest version)
   
6. Visual Reference if available (Screenshot) please put them in a spoiler.:
   
   Image 1: http://i.imgur.com/SI1jHim.png
   Image 2: http://i.imgur.com/0GA8gNT.png
   Image 3: http://i.imgur.com/0aPlxIc.jpg
   
7. Player name and market for rewards:
   Player name: qwzky
   Market: .ro

 

[fp0815]

Jira: 11448