- Summary of the issue (title of the post)
It is an cross site scripting bug (XSS).
- Overview of the bug (description):
By entering a malicious code, an attacker can gain informations about someone's account.
- Steps to reproduce:
1. You need a tribe;
2. Go to the tribe's General forum and use the search's 'Settings' button
3. Now in the search field type
4. After the search finishes, click on Refine search and after you get back to the page you should get an alert now.
- Reproduction rate (Every time? Sometimes?):
It works every time.
- Browser and Version:
I am using Mozzila Firefox, 34.0 (latest version)
- Visual Reference if available (Screenshot) please put them in a spoiler.:
Image 1: http://i.imgur.com/PImudCp.png
Image 2: http://i.imgur.com/q3cdqnS.png
Image 3: http://i.imgur.com/RbhxROf.jpg
- Player name and market for rewards: