Cannot reproduce: Cross Site Scripting (XSS) Report #6

qwzky

Guest
  1. Summary of the issue (title of the post)

    It is an cross site scripting bug (XSS).

  2. Overview of the bug (description):

    By entering a malicious code, an attacker can gain informations about someone's account.
  3. Steps to reproduce:

    1. You need to have a tribe;
    2. Go to Tribe -> Tribal forum;
    3. In the `General` forum, start a new topic, it's name does not matter;
    4. In the topic content write
    <script>alert("XSS")</script>
    and click on send;
    5. Go back to the General forum and use the search bar and type
    <script>alert("XSS")</script>
    6. After hitting enter, you will get a pop-up.

  4. Reproduction rate (Every time? Sometimes?):

    It works every time.
  5. Browser and Version:

    I am using Mozzila Firefox, 34.0 (latest version)
  6. Visual Reference if available (Screenshot) please put them in a spoiler.:

    Image 1: http://i.imgur.com/qIZN3W1.png
    Image 2: http://i.imgur.com/bYB2Ko6.png
    Image 3: http://i.imgur.com/IjQ3sMg.jpg
  7. Player name and market for rewards:

    Name: qwzky
    Market .ro