JCommune / JC-2289

XSS vulnerability at profile page


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: backlog
    • Fix Version/s: None
    • Labels:
    • Sprint:
      3.7 Larks, 3.8 Larks

      Description

      Steps to reproduce:

      1. Open profile page of user '><script>alert()</script>' http://qa.jtalks.org/jcommune/users/11448.

      Actual result: script executes, pop-up window appears.
      Expected result: script in username isn't executed.
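
The expected result above comes down to HTML-encoding the username wherever it is written into the page. The following is an added example, not JCommune's own code: the report does not show the profile template, so the markup, the class name and the method names are assumptions, and the username is the string quoted in step 1.

```java
public class ProfileNameEscaping {

    // Encode the characters that can end a text node or a quoted attribute value.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical "before": the stored username is concatenated into markup as-is.
    static String renderUnsafe(String username) {
        return "<h1 class=\"user-name\">" + username + "</h1>";
    }

    // Hardened form: the same markup, with the username encoded at output time.
    static String renderSafe(String username) {
        return "<h1 class=\"user-name\">" + escapeHtml(username) + "</h1>";
    }

    public static void main(String[] args) {
        // Username as quoted in the report's reproduction step.
        String username = "><script>alert()</script>";

        String unsafe = renderUnsafe(username);
        String safe = renderSafe(username);
        System.out.println("unsafe: " + unsafe);
        System.out.println("safe:   " + safe);

        // The unescaped output carries a live script element; the encoded one does not.
        if (!unsafe.contains("<script>")) throw new AssertionError("expected raw tag");
        if (safe.contains("<") && safe.indexOf("<script") >= 0) throw new AssertionError("tag survived");
        if (!safe.contains("&gt;&lt;script&gt;alert()&lt;/script&gt;")) throw new AssertionError("bad encoding");
    }
}
```

Encoding at output time, rather than rejecting characters at registration, also covers usernames already stored before the fix.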


                People

                • Assignee: Maxim Максим Пеков
                • Reporter: virtus80 virtus
                • Votes: 0
                • Watchers: 4
