-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Critical
-
Resolution: Fixed
-
Affects Version/s: 0.11
-
Fix Version/s: 0.11
-
Labels:
-
Environment:
FF, Opera, Chrome, Safari
Steps for release bug.
1. login -> profile page
2. open page "edit profile"
3. in the field "Location" - write "<script>alert('xss')</script>"
4. click "save changes"
5. go to forum -> sample section -> The second branch
6. open page "New topic"
7. create New topic( Field "Topic" fills "New topic all about"; Message - "fdsssda" )
8. open topic "New topic all about"
Actual Result: Dialog Box appears with button "OK" and message "xss"
Expected Result: Topic creates without users script.
