- Summary of the issue (title of the post)
It is an cross site scripting bug (XSS).
- Overview of the bug (description):
By entering a malicious code, an attacker can gain informations about someone's account.
- Steps to reproduce:
1. You need to have a tribe;
2. Go to Tribe -> Tribal forum;
3. In the `General` forum, start a new topic, it's name does not matter;
4. In the topic content write<script>alert("XSS")</script>
5. Go back to the General forum and use the search bar and type<script>alert("XSS")</script>
- Reproduction rate (Every time? Sometimes?):
It works every time.
- Browser and Version:
I am using Mozzila Firefox, 34.0 (latest version)
- Visual Reference if available (Screenshot) please put them in a spoiler.:
Image 1: http://i.imgur.com/qIZN3W1.png
Image 2: http://i.imgur.com/bYB2Ko6.png
Image 3: http://i.imgur.com/IjQ3sMg.jpg
- Player name and market for rewards: