Stored XSS in profile page
Medium
Vulnerability Details
Summary
There is a stored XSS vulnerability in the users profile page.
Steps:
1-Go to https://forum.acronis.com , create an user and login
2-Go to profile and edit it
3- enter javascript code in Signature field for exampe use this code in Signature : <xss onmouseover="alert(1)">test</xss>
4-send this profile to other users ,or send this profile link via email to victims.
## Impact
if someone views attacker profile the script will execute
Actions
View on HackerOneReport Stats
- Report ID: 1084183
- State: Closed
- Substate: resolved
- Upvotes: 44