Cannot reproduce: Cross Site Scripting (XSS) Report #7


  1. Summary of the issue (title of the post)

    It is an cross site scripting bug (XSS).

  2. Overview of the bug (description):

    By entering a malicious code, an attacker can gain informations about someone's account.
  3. Steps to reproduce:

    1. You need a tribe;
    2. Go to the tribe's General forum and use the search's 'Settings' button
    3. Now in the search field type

    Make sure you put "> in front of the <script> tag.

    4. After the search finishes, click on Refine search and after you get back to the page you should get an alert now.
  4. Reproduction rate (Every time? Sometimes?):

    It works every time.
  5. Browser and Version:

    I am using Mozzila Firefox, 34.0 (latest version)
  6. Visual Reference if available (Screenshot) please put them in a spoiler.:

    Image 1:
    Image 2:
    Image 3:
  7. Player name and market for rewards:

    Name: qwzky
    Market .ro